Open Bug 1896459 Opened 5 months ago Updated 4 months ago

Issue with Displaying SAN Information using 'about:certificate' in Firefox

Categories

(Firefox :: Security, defect, P3)

defect

Tracking

()

UNCONFIRMED

People

(Reporter: 2295456556, Unassigned)

References

Details

(Keywords: priv-triaged)

Attachments

(10 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0

Steps to reproduce:

1.Generating a mutated digital certificate with an additional Subject Alternative Name (SAN) of "ypj.test.com", along with its corresponding root CA and private key.
2.Configuring an Nginx web server to use the mutated certificate and private key in HTTPS mode.
3.Setting up the local machine (127.0.0.1) as the server and mapping "ypj.test.com" to 127.0.0.1 in the hosts file.
4.Adding the root CA to the system's trusted root certificate store using certutil.
5.Running nginx.exe. Accessing the URL "https://ypj.test.com:443" in a web browser, where the certificate's SAN matches the URL.

Firefox-version-113.0

Actual results:

Due to unknown reasons, the Firefox 'about:certificate' tool fails to display the SAN (Subject Alternative Name) contents of the certificate. This issue is likely a display problem, possibly caused by the inclusion of an X.400 Address or other unknown factors, which may lead to difficulties in displaying the information properly. In contrast, Chrome can parse and display it as shown in the image Chrome.png.

Expected results:

It is hoped that developers will enhance this functionality.

Attached image Chrome.png
Attached image hosts.png
Attached image nginx_conf.png
Attached file rsa_pri_2048.pem
Component: Security: PSM → Security
Product: Core → Firefox
Version: Other Branch → unspecified

When viewing the certificate of bugzilla.mozilla.org I can see the SAN (Server alt name). Can you make a screenshot from Firefox where the information is missing?

Type: enhancement → defect
Flags: needinfo?(2295456556)
Keywords: priv-triaged

Screenshot of Firefox showing the SAN information in about:certificate.

You made a mistake. You didn't analyze my test case. I was referring to the issue where using about:certificate to analyze my test case file 6c2152b91713467861[120.79.165.183.der].crt, it fails to display the Subject Alternative Name (SAN) extension of the digital certificate. Please take a look at my screenshot.

Flags: needinfo?(2295456556)
Attached image 2024-06-04_220339.png

Thanks for clarifying, providing the screenshot and also in general for all the bugs about the cert viewer. So the core issue here is the additional Subject Alternative Name (SAN). Sorry for missing that earlier.

Severity: -- → S3
Priority: -- → P3

Is this similar to the issue described in https://bugzilla.mozilla.org/show_bug.cgi?id=1896207?

Is this similar to the issue described in https://bugzilla.mozilla.org/show_bug.cgi?id=1896207

See Also: → 1896207
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: