Bug 422965: Invalid complaint of ldap server certificate domain mismatch
Status: Closed, RESOLVED DUPLICATE of bug 369112
Opened 17 years ago
Closed 16 years ago
Categories: (Core :: Security: PSM, defect)
People: (Reporter: dave, Assigned: KaiE)
Attachments: (1 file) 18.11 KB, image/jpeg
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12
Build Identifier: 2.0.0.12 (20080227)

Please see the attached screenshot

Reproducible: Always

Steps to Reproduce:
1. Click "write" to compose a new email
2. Start typing email address

Obviously this happens in my environment, with the directory server ldaps://ldap.luannocracy.com (only valid on my local net) in the "Address Books" pane of my Address Book.

Actual Results:
Security Error: Domain Name Mismatch
You have attempted to establish a connection with "ldap.luannocracy.com". However, the security certificate presented belongs to "ldap.luannocracy.com". ... etc.

Expected Results:
quietly allowed me to type the address I was trying to type.
Reporter
Comment 1•17 years ago
Updated•17 years ago
Assignee: dveditz → kengert
Component: Security → Security: PSM
Product: Thunderbird → Core
QA Contact: thunderbird → psm
Comment 2•17 years ago
I'm not sure this is a PSM bug per se. The unhelpful dialog ("foo doesn't match foo") is a duplicate of another bug -- there really is a cert error, we're just not explaining it well. In the Thunderbird context though I think this bug is saying a cert error on the ldap server should just silently fail and not get in the way of composing a mail message. Or are you saying that we're incorrectly identifying ldap cert as invalid? To check that out we're going to need to connect to the machine in question, or have you collect more complete log info or something.
Assignee
Comment 3•17 years ago
Dan is correct. I think this bug is 1.8 branch only (FF 2), if you get a test build for FF 3, you should see you'll get a better message. I don't find the exact duplicate of this bug right now... Maybe you'll find the bug if you look for "subject alt name". The bug is, the cert contains a SubjectAltName extension, which does not match your server, but we don't use that extension for the error message, we incorrectly use the "command name" from the cert for the error message. But all the work to improve the error has been around bug 327181.
Comment 4•16 years ago
I have a similar problem:

To reproduce:
Server name: ldap.foo.com
Certificate:
  Subject: CN = ldap.foo.com
  Extensions.Certificate Subject Alt Name: Not Critical
    DNS Name: ldap0.foo.com
    DNS Name: ldap1.foo.com
    DNS Name: ldap2.foo.com

Gets a Domain name mismatch:
... attempted to connect to "ldap.foo.com". However the security certificate belongs to "(ldap0.foo.com, ldap1.foo.com, ldap2.foo.com)". ...

The original <main> subject in the certificate has been forgotten about.
Updated•16 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
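
The matching rule behind comments 3 and 4, as an added example (not part of the bug report and not NSS/PSM code): when a certificate carries dNSName Subject Alt Name entries, RFC 2818 matching uses only those and ignores the subject CN, so the error text should list the names that were actually compared. The function names are hypothetical, the sample certificate values are constructed from comment 4, and wildcard handling is simplified.

```python
# Added illustration; not NSS/PSM code. All function names are hypothetical.

def _label_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def reference_names(subject_cn, san_dns_names):
    """RFC 2818 section 3.1: dNSName SAN entries, when present, are the
    identity and the subject CN is not consulted; CN is only a fallback."""
    if san_dns_names:
        return list(san_dns_names)
    return [subject_cn] if subject_cn else []


def check_host(host, subject_cn, san_dns_names):
    """Return (ok, message). The message names the identities that were
    actually compared, so it cannot read 'foo does not match foo'."""
    names = reference_names(subject_cn, san_dns_names)
    if any(_label_match(n, host) for n in names):
        return True, "ok"
    return False, ('You have attempted to connect to "%s", but the certificate '
                   'is only valid for: %s' % (host, ", ".join(names) or "(no names)"))


def legacy_message(host, subject_cn):
    """Sketch of the confusing case: matching used the SAN list, the text used the CN."""
    return 'connection with "%s" ... certificate presented belongs to "%s"' % (host, subject_cn)


# Constructed sample mirroring the certificate described in comment 4.
CN = "ldap.foo.com"
SAN = ["ldap0.foo.com", "ldap1.foo.com", "ldap2.foo.com"]

if __name__ == "__main__":
    print(check_host("ldap.foo.com", CN, SAN))   # mismatch: CN ignored because SAN exists
    print(check_host("ldap1.foo.com", CN, SAN))  # matches a SAN entry
    print(check_host("ldap.foo.com", CN, []))    # no SAN: falls back to CN
    print(legacy_message("ldap.foo.com", CN))    # host and CN identical, hence "foo doesn't match foo"
```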