User-Agent: Mozilla/5.0 (Windows; U; Win9x; en; Stable) Gecko/20020911 Beonex/0.8.1-stable Build Identifier: Mozilla/5.0 (Windows; U; Win9x; en; Stable) Gecko/20020911 Beonex/0.8.1-stable The webserver is having a canonical name server4.streaming.cesnet.cz and a CNAME prenosy.cesnet.cz . According to RFC 2459 section 22.214.171.124 the certificate contains also Subject Alternative Name items with both A and CNAME. The OID for SAN DNS is, however ignored, thereby forcing the server's owner to get extra IP address for running every virtual HTTPS server (same for other secured services). Let me note that MSIE handles this technique correctly. Reproducible: Always Steps to Reproduce: 1. (Optional) download and install CA certificate from http://www.cesnet.cz/ca/TEN-155_CZ_Root_CA.crt 2. Go to https://prenosy.cesnet.cz/ . You will see the correct page. 3. Go to https://server4.streaming.cesnet.cz/ . Actual Results: a message box appears: You have attempted to establish a connection with "server4.streaming.cesnet.cz." However, the security certificate presented belongs to "prenosy.cesnet.cz"... Expected Results: Not displaying any warning, as certificate's X.509v3 Subject Alternative Name did contain both DNS names of the server. I am not able to decide about severity of this bug as it is a minor bug for one's "supersecure" password to presets of a webpage, *extremely annoying* bug when you are trying to download your e-mail via IMAP and you see that _every time_ Mozilla Mail tries to download the mail or _severe_ for any e-commerce.
Nelson, could you look at this bug? I believe this is a duplicate of bug 103752, which you fixed in NSS 3.5.1 and is in the latest Mozilla releases. Mr. Dolezal, what is the Mozilla version you are using? Could you right-mouse over the nss3.dll file in your Mozilla installation, choose the menu item "Properties", in the "nss3.dll Properties" dialog, choose the "Version" tab, click on "Product Version", and get the NSS version number?
Assignee: wtc → nelsonb
Mr. Dolezal, you can help us find out if this is a duplicate of bug 103752 as follows. 1. Download the latest NSS 3.6.1 distribution for Windows: ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_6_1_RTM/WIN954.0_OPT.OBJ/nss-3.6.1.zip NSS 3.6.1 contains the fix for bug 103752. 2. Unpack the zip file. In the nss-3.6.1/lib directory, there should be these five DLLs: nss3.dll, softokn3.dll, nssckbi.dll, smime3.dll, and ssl3.dll. 3. Exit Mozilla, if it is running. 4. Replace the five NSS DLLs in your Mozilla installation by the new ones in nss-3.6.1/lib. (You should save the old NSS DLLs before you copy the new ones over.) 5. Start up Mozilla and test it.
Kai just confirmed that this works as expected (no warning) with a recent build featuring NSS 3.6.1 Beta. So I am marking this as a duplicate of bug 103752 *** This bug has been marked as a duplicate of 103752 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.