SSL certificates from two servers seem to overlap

CLOSED DUPLICATE of bug 114425

Status

Product: Core Graveyard
Component: Security: UI
Priority: P3
Severity: normal
Status: CLOSED DUPLICATE of bug 114425
Opened: 15 years ago
Modified: a year ago

People

(Reporter: Simon White, Unassigned)

Tracking

1.0 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
Version: 0.3 
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021014 Phoenix/0.3

I have two servers with self-signed certificates:

data.mtds.com
auth.mtds.com

If I login to one, then go to the other, then I get a message that the
certificate is invalid for auth.mtds.com when I've been to data.mtds.com and
vice versa, i.e. it seems to be reading the certificate for data when contacting
auth.

To reproduce this bug go to https://data.mtds.com/sysadmin for example (you
won't have to have a login to check), accept the self signed certificate, then
go to https://auth.mtds.com and you should get rejected.

Deleting the cache and restarting allows me to see either site. Checking SSL
environment variables shows the certificate for auth and data are reasonably
correct.

I can't test this with Mozilla, sorry, don't have disk space for it.

Comment 1

15 years ago
This looks like a mozilla issue. 
Assignee: blaker → new-network-bugs
Component: General → Networking
Product: Phoenix → Browser
QA Contact: asa → benc
Version: unspecified → other
"incorrect Message Authentication Code" (2002101617, Win2k SP3)
(Reporter)

Comment 3

15 years ago
Sorry, this is not a Phoenix bug, but a Mozilla bug, I was able to test it 
last night with Mozilla and had the same problems.

Indeed, I get the message "incorrect Message Authentication Code"

Comment 4

15 years ago
Dupe of bug 114425. For both web sites, the Certificate Authority and Serial 
number are the same. No two different certs should EVER have the same issuer and 
serial number. That is an X509 rule, and mozilla relies on it.  It is proper to 
do so.
Reporter, I suggest that you reissue one of the server certificates with a 
serial number different than 01.

*** This bug has been marked as a duplicate of 114425 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Component: Networking → Client Library
OS: Linux → All
Product: Browser → PSM
Hardware: PC → All
Resolution: --- → DUPLICATE
Version: other → 2.4
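
The issuer-and-serial rule from Comment 4, as an added example that is not part of the original bug report or of Mozilla's code: a minimal DER reader that pulls the issuer Name and serial number out of each certificate and reports distinct certificates that share both. The sample inputs are constructed, unsigned DER skeletons; the CA name, the `example.test` hostnames and all function names are assumptions made for illustration, and real input would be DER-encoded certificates (PEM must be base64-decoded first).

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(der):
    """Extract (raw issuer Name DER, serial number) from a DER certificate."""
    _, cert, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)          # TBSCertificate ::= SEQUENCE
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                        # optional [0] EXPLICIT version comes first
        tag, val, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    _, _, issuer_start = read_tlv(tbs, pos)        # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(tbs, issuer_start)
    return tbs[issuer_start:issuer_end], int.from_bytes(val, "big", signed=True)

def find_collisions(certs):
    """Map (issuer, serial) -> labels, for keys shared by distinct certificates."""
    groups = defaultdict(dict)
    for label, der in certs.items():
        groups[issuer_and_serial(der)][hashlib.sha256(der).hexdigest()] = label
    return {key: sorted(fp.values()) for key, fp in groups.items() if len(fp) > 1}

# --- Constructed sample input: unsigned DER skeletons, not real certificates ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only (body < 128 bytes)

def name(cn):
    attr = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))  # CN=<cn>
    return tlv(0x30, tlv(0x31, attr))

def skeleton(serial, issuer_cn, subject_cn):
    tbs = tlv(0x02, bytes([serial])) + tlv(0x30, b"") + name(issuer_cn) + name(subject_cn)
    return tlv(0x30, tlv(0x30, tbs))

SAMPLE = {
    "data": skeleton(1, "Example Test CA", "data.example.test"),
    "auth": skeleton(1, "Example Test CA", "auth.example.test"),
    "auth-reissued": skeleton(2, "Example Test CA", "auth.example.test"),
}

if __name__ == "__main__":
    for (issuer, serial), labels in find_collisions(SAMPLE).items():
        print(f"serial {serial:02x} reused under one issuer by: {', '.join(labels)}")
```

Running a check like this over every certificate issued by a private CA before deployment catches the reuse that the browser otherwise surfaces only as a failed connection.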

Comment 5

15 years ago
V
Status: RESOLVED → VERIFIED
Priority: -- → P3
QA Contact: benc → junruh
(Reporter)

Comment 6

15 years ago
Thank you very much, that worked!

That means that IE5, 5.5, 6, Opera and Konqueror all do not respect this thing
with certificates. I learned something today.
Status: VERIFIED → CLOSED

Comment 7

15 years ago
*** Bug 179312 has been marked as a duplicate of this bug. ***

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

9 years ago
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard