Closed Bug 1915137 Opened 1 year ago Closed 1 year ago

SSL_ERROR_BAD_CERT_DOMAIN redirects to different URL

Categories

(Core :: Security: PSM, defect)

Firefox 129
defect

RESOLVED INVALID

People

(Reporter: jon, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0

Steps to reproduce:

Background: I have a valid (Let's Encrypt-issued, but I suspect that's not relevant) TLS certificate for "foo.example.com" and SAN "*.foo.example.com".

I visited https://www.bar.foo.example.com (which I am aware is not covered by the certificate).

Actual results:

Firefox issues a fresh request for https://bar.foo.example.com (note, without the "www." prefix), which is covered by the certificate.

Devtools shows the first request as having a transferred size of "NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY,SSL_ERROR_BAD_CERT_DOMAIN)", and if I drill down to that request's "Security" details, it says "An error occurred: SSL_ERROR_BAD_CERT_DOMAIN".

Expected results:

Firefox should show a certificate error for the first URL, not request a different URL instead.

The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Security: PSM
Product: Firefox → Core

This is a feature controlled by the about:config preference security.bad_cert_domain_error.url_fix_enabled. If the server presents a certificate such as you've described, the browser optimistically assumes this was a configuration error and automatically redirects to the non-prefixed domain (as well as the reverse).

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → INVALID
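The behaviour described in the reply above, modelled as an added example (not Firefox source code and not part of the original bug). Function names are hypothetical, and the wildcard check is the usual single-leftmost-label rule, assumed here as a simplification of the real certificate name matching.

```python
"""Simplified model of the www-prefix fallback described in this bug."""


def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname.

    A wildcard is honoured only as the whole leftmost label and stands
    for exactly one label, so "*.foo.example.com" does not cover
    "www.bar.foo.example.com".
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(sans, host):
    """True if any SAN entry covers the host."""
    return any(san_matches(s, host) for s in sans)


def toggle_www(host):
    """Return the host with "www." removed, or added if it was absent."""
    return host[4:] if host.lower().startswith("www.") else "www." + host


def resolve(host, sans):
    """Return (action, host): 'load', 'redirect' or 'error'."""
    if cert_covers(sans, host):
        return ("load", host)
    alt = toggle_www(host)
    if cert_covers(sans, alt):
        # Name mismatch, but the www-toggled name is covered.
        return ("redirect", alt)
    return ("error", host)  # SSL_ERROR_BAD_CERT_DOMAIN reaches the user


# Constructed sample: the certificate names given in the report.
REPORT_SANS = ["foo.example.com", "*.foo.example.com"]

if __name__ == "__main__":
    for h in ("www.bar.foo.example.com", "bar.foo.example.com",
              "www.foo.example.com", "a.b.foo.example.com"):
        print(h, "->", resolve(h, REPORT_SANS))
```

In this model, turning off `security.bad_cert_domain_error.url_fix_enabled` corresponds to skipping the "redirect" branch, so the first host would surface the certificate error the reporter expected.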