
ff3 accepts wildcard cert for multiple domain components

RESOLVED DUPLICATE of bug 159483

Status

Firefox
Security
9 years ago
9 years ago

People

(Reporter: Kaj J. Niemi, Unassigned)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9) Gecko/2008053008 Firefox/3.0

When accessing a site using SSL and having a wildcard certificate FF will happily load the page even if there are multiple domain components being replaced by the wildcard.

RFC 2818 (HTTP over TLS) section 3.1 states:

"Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com."

Microsoft KB 258858 seems to kind of agree with me as well. ;-)

Reproducible: Always

Steps to Reproduce:
Accessing beta.ipv6.fortn.net (IPv6 only service, sorry) using SSL works fine using Firefox but not using Safari. Safari complains that the certificate does not match the hostname being accessed.

Actual Results:  
Works

Expected Results:  
IMHO FF should complain as well.

Comment 1

9 years ago
Netscape has always worked like that, and some sites depend on it (unfortunately).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 159483
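
The RFC 2818 section 3.1 rule quoted in the description, placed next to a permissive matcher that models the behaviour reported here, as an added example (it is not Firefox or NSS code). The function names are hypothetical, and letting a wildcard fragment match zero characters is an assumption the RFC text does not settle.

```python
import re


def _label_matches(pattern: str, label: str) -> bool:
    """Match a single DNS label; '*' covers a fragment of that label only."""
    # Assumption: a fragment wildcard may match zero characters ("f*" ~ "f").
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, label) is not None


def rfc2818_match(pattern: str, hostname: str) -> bool:
    """Wildcard stands in for one domain component or component fragment."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Same number of components is what stops "*.a.com" covering
    # "bar.foo.a.com"; empty host labels ("a..com") are never valid.
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    return all(_label_matches(p, h) for p, h in zip(p_labels, h_labels))


def dot_spanning_match(pattern: str, hostname: str) -> bool:
    """Model of the reported behaviour: '*' is also allowed to swallow dots."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, hostname) is not None


def over_accepted(pattern: str, hostnames: list[str]) -> list[str]:
    """Hostnames the permissive matcher accepts but the RFC rule rejects."""
    return [h for h in hostnames
            if dot_spanning_match(pattern, h) and not rfc2818_match(pattern, h)]


if __name__ == "__main__":
    # Constructed sample names, built from the RFC's own a.com example.
    names = ["foo.a.com", "bar.foo.a.com", "x.y.z.a.com", "a.com"]
    for name in names:
        print(f"{name:15} rfc2818={rfc2818_match('*.a.com', name)!s:5} "
              f"dot-spanning={dot_spanning_match('*.a.com', name)}")
    print("over-accepted:", over_accepted("*.a.com", names))
```

Running `over_accepted` against the names a deployment actually serves shows which of them depend on the permissive interpretation and would fail in a client that enforces the single-component rule.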