Closed Bug 216378 Opened 22 years ago Closed 20 years ago

Certificate not accepted by mozilla : Error code -8102

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: tom, Assigned: wtc)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 After importing certificate and going to the https server after I attempt to connect I get an Alert that says : Could not establish an encrypted connection because certificate presented by [ip address] is invalid or corrupted. Error Code -8102 Then I hit OK and nothing happens. Under Opera 7.11 I can login just fine to my RADIUS server. Reproducible: Always Steps to Reproduce: 1.Import Certificate (I will disclose certificate type when contacted) 2.go to the url of my companies radius server Actual Results: Could not establish an encrypted connection because certificate presented by [ip address] is invalid or corrupted. Error Code -8102 Expected Results: RADIUS authentication login prompt This is a sensitive matter as I work for ISS.net.
I don't see the security exploit here. The security flag cannot be used to hide company confidential information since all bugs become public sooner or later -- it's a temporary designation to hide exploits until we can release a fix. In this case PSM/NSS has detected an error in the certificate. Possibly we have a bug, or possibly we enforce standards more strictly, but either way I don't see a reason to keep this sensitive. Without further explanation we plan to open this bug up next week (say 8/28). Reassigning to PSM
Assignee: security-bugs → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: carosendahl → bmartin
Version: Trunk → 1.01
So how do you intend on reproducing the problem without a valid certificate? If you can reproduce the problem without a vaild cert, great. That was my only reason for marking this as security sensitive.
I also fail to see why this would need to be security-sensitive as I don't see any exploit reported. If the user is unable to login to a site, it is not an exploit (although it may be a valid bug still). Removing the security-sensitive flag.
Group: security
See http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1038100 for a terse explanation of error -8102. In short, the cert's extensions have a problem. The usual situation is that the cert has an "extended key usage" extension that says "cert is ok for SSL step up", but does NOT say "cert is OK for use by an SSL server". See http://bugzilla.mozilla.org/show_bug.cgi?id=224844#c10 for more details. This bug is probably a duplicate of that one (or vice versa).
Assignee: ssaux → wchang0222
Component: Client Library → Libraries
Product: PSM → NSS
QA Contact: bmartin → bishakhabanerjee
Version: 1.01 → 3.8
This bug isn't going anywhere until the submittor attaches a copy of the cert to it. If that does not happen by 10-30-2004, this bug should be closed as invalid.
QA Contact: bishakhabanerjee → jason.m.reid
Makred invalid per pervious comment.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.