Closed Bug 389295 Opened 17 years ago Closed 17 years ago

wildcard certs apply to sub-subdomains

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 159483

People

(Reporter: benjamin, Assigned: KaiE)

References

(
URL
)

Details

This is a difference of behavior between NSS/PSM and other major SSL clients. I don't know whether it's a bug or not, or whether it's even remotely exploitable, but I thought I'd share on the side of caution.

We have a staging website: crash-reports.stage.mozilla.com which is using the mozilla wildcard certificate: *.mozilla.com

Firefox (NSS/PSM) displays this website correctly, as does curl (openssl).

Winsock and Cocoa Networking both refuse to display the website due to domain-name mismatch.
Old news.  publicly known for years.  
It just means that you'll have to get more certs for your subdomains.
Group: security
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.