Closed Bug 1493945 Opened 3 years ago Closed 3 years ago
_ERROR _BAD _CERT _DOMAIN error with SAN certificate
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0 Build ID: 20180830143136 Steps to reproduce: Create a certificate with the following X509v3 Subject Alternative Name extension: IP Address:172.28.242.25, DNS:172.28.242.25, DNS:gsec.ott7gvm1.genband.com, DNS:gsec4. Access the website with the URL https://gsec.ott7gvm1.genband.com:2443. See also https://support.mozilla.org/en-US/questions/1233865 Actual results: The following error message was displayed, which is incorrect. gsec.ott7gvm1.genband.com:2443 uses an invalid security certificate. The certificate is only valid for the following names: 172.28.242.25, 172.28.242.25, gsec.ott7gvm1.genband.com, gsec4 Error code: SSL_ERROR_BAD_CERT_DOMAIN Expected results: The URL https://gsec.ott7gvm1.genband.com:2443 should have been accepted without such error. Note that if the X509v3 Subject Alternative Name is created with the following order, this issue does not happen. The parsing logic seems to be sensitive to the order of the SAN entries. DNS:gsec.ott7gvm1.genband.com, DNS:gsec5, IP Address:172.28.242.25, DNS:172.28.242.25
Component: Untriaged → Security: PSM
Product: Firefox → Core
Bug 1196364 would probably address this.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1196364
You need to log in before you can comment on or make changes to this bug.