Closed Bug 411246 Opened 16 years ago Closed 8 years ago

nsNSSIOLayer.cpp getInvalidCertErrorMessage should use new CERT_GetValidDNSPatternsFromCert

Categories

(Core :: Security: PSM, defect)

Not set
normal

RESOLVED WONTFIX

People

(Reporter: KaiE, Unassigned)

We recently implemented a better display for domain mismatch SSL error messages that is supposed to list the full set of valid names. That was done in order to fix bug 238142 and was done as part of bug 398718.

But the current fix to produce the valid strings for UI presentation (as checked in) is not identical to NSS' internal iteration of valid names.

In particular, we have commented/disabled a call to CERT_FindNSStringExtension(nssCert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);


This bug requests we produce parity between NSS' internal matching and UI presentation.

In order to do so, we can make use of the new function CERT_GetValidDNSPatternsFromCert, added with bug 400917.
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
Now that we're using mozilla::pkix, we still have a mismatch between what verification thinks are valid names and what the error page displays as valid names, but this won't improve the situation.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX