Closed
Bug 389295
Opened 17 years ago
Closed 17 years ago
wildcard certs apply to sub-subdomains
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 159483
People
(Reporter: benjamin, Assigned: KaiE)
References
()
Details
This is a difference of behavior between NSS/PSM and other major SSL clients. I don't know whether it's a bug or not, or whether it's even remotely exploitable, but I thought I'd share on the side of caution. We have a staging website: crash-reports.stage.mozilla.com which is using the mozilla wildcard certificate: *.mozilla.com Firefox (NSS/PSM) displays this website correctly, as does curl (openssl). Winsock and Cocoa Networking both refuse to display the website due to domain-name mismatch.
Comment 1•17 years ago
|
||
Old news. publicly known for years. It just means that you'll have to get more certs for your subdomains.
Group: security
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•