Closed Bug 1648670 Opened 5 years ago Closed 5 years ago

certificate mismatch domain name ending with hyphen

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(firefox78 wontfix, firefox79 wontfix, firefox80 wontfix)

Status:
RESOLVED DUPLICATE of bug 1184059
Tracking Flags:
Tracking Status
firefox78 --- wontfix
firefox79 --- wontfix
firefox80 --- wontfix

People

(Reporter: zbinlin, Unassigned)

Details

(Keywords: parity-chrome)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0

Steps to reproduce:

Enter https://test-.github.io/ in browser

Actual results:

Show Error code: SSL_ERROR_BAD_CERT_DOMAIN

Expected results:

Show 404

Hi, Thanks for taking the time to report this issue, I will set a component for it in order for our dev team to take a look at this, also I think it might be related to Bug 1627800 but I'm not entirely sure, please change it to the Security Component if its more suitable for this issue.

Status: UNCONFIRMED → NEW
status-firefox78: --- → affected
status-firefox79: --- → affected
status-firefox80: --- → affected
Component: Untriaged → Networking: HTTP
Ever confirmed: true
Product: Firefox → Core
Assignee: nobody → nobody
Component: Networking: HTTP → Libraries
Keywords: parity-chrome
Product: Core → NSS
QA Contact: jjones
Version: 77 Branch → other

Labels must not end with a hyphen: https://searchfox.org/mozilla-central/rev/d2cec90777d573585f8477d5170892e5dcdfb0ab/security/nss/lib/mozpkix/lib/pkixnames.cpp#2013

There's more discussion in the linked bug, including Chrome's effort to also enforce the DNS spec by prohibiting trailing hyphens in sub-labels.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.