Closed Bug 174739 Opened 22 years ago Closed 22 years ago

SSL certificates from two servers seem to overlap

Categories

(Core Graveyard :: Security: UI, defect, P3)

1.0 Branch
defect

Tracking

(Not tracked)

CLOSED DUPLICATE of bug 114425

People

(Reporter: simon, Unassigned)

Details

Version: 0.3 
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021014 Phoenix/0.3

I have two servers with self-signed certificates:

data.mtds.com
auth.mtds.com

If I login to one, then go to the other, then I get a message that the
certificate is invalid for auth.mtds.com when I've been to data.mtds.com and
vice versa, i.e. it seems to be reading the certificate for data when contacting
auth.

To reproduce this bug go to https://data.mtds.com/sysadmin for example (you
won't have to have a login to check), accept the self signed certificate, then
go to https://auth.mtds.com and you should get rejected.

Deleting the cache and restarting allows me to see either site. Checking SSL
environment variables shows the certificate for auth and data are reasonably
correct.

I can't test this with Mozilla, sorry, don't have disk space for it.

This looks like a mozilla issue.
Assignee: blaker → new-network-bugs
Component: General → Networking
Product: Phoenix → Browser
QA Contact: asa → benc
Version: unspecified → other
"incorrect Message Authentication Code" (2002101617, Win2k SP3)
Sorry, this is not a Phoenix bug, but a Mozilla bug, I was able to test it 
last night with Mozilla and had the same problems.

Indeed, I get the message "incorrect Message Authentication Code"
Dupe of bug 114425. For both web sites, the Certificate Authority and Serial 
number are the same. No two different certs should EVER have the same issuer and 
serial number. That is an X509 rule, and mozilla relies on it.  It is proper to 
do so.
Reporter, I suggest that you reissue one of the server certificates with a 
serial number different than 01.

*** This bug has been marked as a duplicate of 114425 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Component: Networking → Client Library
OS: Linux → All
Product: Browser → PSM
Hardware: PC → All
Resolution: --- → DUPLICATE
Version: other → 2.4
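
The collision described in the comment above, as an added example that is not part of the original bug report or of Mozilla's code: a standard-library Python check that groups DER certificates by (issuer, serial number) and reports any that share both. The `sample_cert` skeletons, the issuer name "Example Test CA" and the `*.example` labels are constructed for illustration, and issuers are compared as raw DER bytes, which is a simplification.

```python
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(cert_der):
    """Extract (issuer Name as DER bytes, serial as int) from a DER certificate."""
    _, cert, _ = read_tlv(cert_der, 0)     # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)          # TBSCertificate SEQUENCE
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                        # optional [0] version precedes the serial
        tag, val, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    _, _, issuer_start = read_tlv(tbs, pos)        # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(tbs, issuer_start)
    # Simplification: issuers are compared as raw DER bytes, without name normalization.
    return tbs[issuer_start:issuer_end], int.from_bytes(val, "big", signed=True)

def find_collisions(certs):
    """certs maps label -> DER bytes; return label groups sharing issuer AND serial."""
    groups = defaultdict(list)
    for label, der in certs.items():
        groups[issuer_and_serial(der)].append(label)
    return sorted(sorted(labels) for labels in groups.values() if len(labels) > 1)

def sample_cert(issuer_cn, serial):
    """Constructed skeleton (leading TBSCertificate fields only, unsigned)."""
    enc = lambda tag, body: bytes([tag, len(body)]) + body   # all bodies here < 128 bytes
    name = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, issuer_cn.encode()))))
    alg = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d01010b")))
    return enc(0x30, enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, bytes([serial])) + alg + name))

# Constructed sample: two servers whose certificates share one issuer and serial 01.
SAMPLE = {
    "data.example": sample_cert("Example Test CA", 1),
    "auth.example": sample_cert("Example Test CA", 1),
    "www.example": sample_cert("Example Test CA", 2),
}

if __name__ == "__main__":
    print(find_collisions(SAMPLE))
```

Real PEM certificates can be converted for this check with the standard library's `ssl.PEM_cert_to_DER_cert`.
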
V
Status: RESOLVED → VERIFIED
Priority: -- → P3
QA Contact: benc → junruh
Thank you very much, that worked!

That means that IE5, 5.5, 6, Opera and Konqueror all do not respect this thing
with certificates. I learned something today.
Status: VERIFIED → CLOSED
*** Bug 179312 has been marked as a duplicate of this bug. ***
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard