Issue with Displaying SAN Information using 'about:certificate' in Firefox
Categories
(Firefox :: Security, defect, P3)
Tracking
()
People
(Reporter: 2295456556, Unassigned)
References
Details
(Keywords: priv-triaged)
Attachments
(10 files)
2.70 KB,
application/x-x509-ca-cert
|
Details | |
1.92 KB,
application/x-x509-ca-cert
|
Details | |
1.90 KB,
application/x-x509-ca-cert
|
Details | |
1.34 KB,
application/x-x509-ca-cert
|
Details | |
9.64 KB,
image/png
|
Details | |
56.57 KB,
image/png
|
Details | |
64.30 KB,
image/png
|
Details | |
1.69 KB,
application/octet-stream
|
Details | |
51.61 KB,
image/png
|
Details | |
353.39 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0
Steps to reproduce:
1.Generating a mutated digital certificate with an additional Subject Alternative Name (SAN) of "ypj.test.com", along with its corresponding root CA and private key.
2.Configuring an Nginx web server to use the mutated certificate and private key in HTTPS mode.
3.Setting up the local machine (127.0.0.1) as the server and mapping "ypj.test.com" to 127.0.0.1 in the hosts file.
4.Adding the root CA to the system's trusted root certificate store using certutil.
5.Running nginx.exe. Accessing the URL "https://ypj.test.com:443" in a web browser, where the certificate's SAN matches the URL.
Firefox-version-113.0
Actual results:
Due to unknown reasons, the Firefox 'about:certificate' tool fails to display the SAN (Subject Alternative Name) contents of the certificate. This issue is likely a display problem, possibly caused by the inclusion of an X.400 Address or other unknown factors, which may lead to difficulties in displaying the information properly. In contrast, Chrome can parse and display it as shown in the image Chrome.png.
Expected results:
It is hoped that developers will enhance this functionality.
Reporter | ||
Comment 1•5 months ago
|
||
Reporter | ||
Comment 2•5 months ago
|
||
Reporter | ||
Comment 3•5 months ago
|
||
Reporter | ||
Comment 4•5 months ago
|
||
Reporter | ||
Comment 5•5 months ago
|
||
Reporter | ||
Comment 6•5 months ago
|
||
Reporter | ||
Comment 7•5 months ago
|
||
Reporter | ||
Comment 8•5 months ago
|
||
Updated•5 months ago
|
Comment 9•4 months ago
|
||
When viewing the certificate of bugzilla.mozilla.org I can see the SAN (Server alt name). Can you make a screenshot from Firefox where the information is missing?
Comment 10•4 months ago
•
|
||
Screenshot of Firefox showing the SAN information in about:certificate
.
Reporter | ||
Comment 11•4 months ago
|
||
You made a mistake. You didn't analyze my test case. I was referring to the issue where using about:certificate to analyze my test case file 6c2152b91713467861[120.79.165.183.der].crt, it fails to display the Subject Alternative Name (SAN) extension of the digital certificate. Please take a look at my screenshot.
Reporter | ||
Comment 12•4 months ago
|
||
Comment 13•4 months ago
|
||
Thanks for clarifying, providing the screenshot and also in general for all the bugs about the cert viewer. So the core issue here is the additional Subject Alternative Name (SAN). Sorry for missing that earlier.
Reporter | ||
Comment 14•4 months ago
|
||
Is this similar to the issue described in https://bugzilla.mozilla.org/show_bug.cgi?id=1896207?
Reporter | ||
Comment 15•4 months ago
|
||
Is this similar to the issue described in https://bugzilla.mozilla.org/show_bug.cgi?id=1896207
Description
•