Firefox is wrongfully display SSL_ERROR_BAD_CERT_DOMAIN on .onion domains even the cert domain and real domain is the same entity
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: u753276, Unassigned)
References
Details
Attachments
(1 file)
|
800 bytes,
application/x-x509-ca-cert
|
Details |
Steps to reproduce:
Visit https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/ with either Firefox or the Tor Browser.
Actual results:
"..does not trust this site because it uses a certificate that is not valid for.."
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Expected results:
Not a "SSL_ERROR_BAD_CERT_DOMAIN" error but only SELF_SIGN warning only, because the cert domain is identical or wildcard to the website domain.
|
||
Comment 1•10 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Comment 2•10 months ago
|
||
Could you attach a copy of the certificate here?
|
||
Comment 3•10 months ago
|
||
The reporter deleted their account after filing the bug—we're unlikely to get an answer from them.
Maybe we can get this info from someone else who uses Tor; if not we'll have to close this INCOMPLETE.
|
|
||
Comment 4•10 months ago
|
||
|
|
||
Comment 5•10 months ago
|
||
The certificate doesn't have a subjectAltName extension, and we no longer support subject common name matching.
Description
•