False "Invalid certificate error", when visiting site #2

RESOLVED DUPLICATE of bug 204835

Core
Security: PSM

People

(Reporter: Kurt Mielke, Assigned: kaie)

Tracking

1.7 Branch
x86
Windows 2000

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

If I visit two pages in the same session, I get an "Invalid certificate ... has
same serial number". I think it is limited to sites with a certificate path,
and "the middle certificate" is the same.



Reproducible: Always

Steps to Reproduce:
1. Visit https://www.seczone.dk/sqmail/src/login.php
2. Visit https://games.tips.dk/
3.

Actual Results:  
Alert: You have received an invalid certificate....Your certificate contains
the same serial number as another...
If I close all instances of Firefox, it is possible to contact the second
site, but then access to the first site is blocked.

Expected Results:  
No alert...

Tested on several platforms, all PC based hardware though.
-> PSM
Assignee: firefox → kaie
Component: General → Security: PSM
Product: Firefox → Core
QA Contact: general
Version: unspecified → 1.7 Branch
This is a dup of bug 204835.  See especially comment 
https://bugzilla.mozilla.org/show_bug.cgi?id=204835#c17

Each of these servers is serving a cert with 
serial number:          01:00:00:00:00:00:e5:f2:11:81:ee
whose subject name is: "OU=TDC Internet Root CA,O=TDC Internet,C=DK"
and whose issuer name is:
"CN=GlobalSign Partners CA,OU=Partners CA,O=GlobalSign nv-sa,C=BE"

Yet the certs with that description are not identical!
The encoding of the signature in one of them has been altered. 
One is the true cert, and one is an alteration.  NSS has detected
the presence of a second cert with the same issuer and serial number
as another already-seen cert, but which is not identical to it, and 
has reported it to PSM.  PSM has reported it to the user.


*** This bug has been marked as a duplicate of 204835 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
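
The check described in the comment above (same issuer and serial number, but not byte-identical) can be sketched as follows. This is an added example, not NSS or PSM code and not part of the original bug thread: `SeenCerts`, `issuer_and_serial` and `sample_cert` are hypothetical names, the sample certificates are constructed skeletons that stop after the issuer field, and the differing signature bytes are made up for illustration.

```python
def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def issuer_and_serial(der):
    """Pull (issuer Name encoding, serial bytes) out of a DER certificate."""
    _, cert, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, cert)          # tbsCertificate SEQUENCE
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                          # optional [0] version field
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER expected")
    serial = der[start:end]
    _, _, issuer_at = read_tlv(der, end)     # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(der, issuer_at)
    return der[issuer_at:issuer_end], serial

class SeenCerts:
    """Hypothetical per-session cache: one exact encoding per (issuer, serial)."""
    def __init__(self):
        self.first_seen = {}
    def check(self, der):
        first = self.first_seen.setdefault(issuer_and_serial(der), der)
        return "ok" if first == der else "conflict"

def tlv(tag, body):                          # short-form DER encoder for the samples
    return bytes([tag, len(body)]) + body

def sample_cert(sig):
    """Constructed skeleton cert; only the signature BIT STRING content varies."""
    serial = tlv(0x02, bytes.fromhex("010000000000e5f21181ee"))  # serial quoted in the bug
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x13, b"GlobalSign Partners CA"))
    issuer = tlv(0x30, tlv(0x31, name))
    tbs = tlv(0x30, serial + alg + issuer)   # fields after issuer omitted
    return tlv(0x30, tbs + alg + tlv(0x03, sig))

if __name__ == "__main__":
    cache = SeenCerts()
    for sig in (b"\x00\xaa\xbb\xcc", b"\x00\xaa\xbb\xcc", b"\x00\xaa\xbb\xcd"):
        print(cache.check(sample_cert(sig)))
```

Because the first encoding seen for a given issuer and serial is the one that is kept, a fresh cache accepts whichever copy arrives first and flags the other, which matches the reporter's observation that restarting the browser swaps which site is blocked.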