Closed Bug 488856 Opened 11 years ago Closed 11 years ago

Add-ons page uses * in SSL cert for and other pages


(SeaMonkey :: General, defect, major)

Not set


(Not tracked)



(Reporter: maxwellb, Assigned: mcsmurf)




(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b4pre) Gecko/20090417 Shiretoko/3.5b4pre
Build Identifier:  Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b4pre) Gecko/20090417 SeaMonkey/2.0b1pre

Mozilla seems to be invalidating wildcard certificates for fqdn's with more than one level of domain under the primary domain.

Reproducible: Always

Steps to Reproduce:
1. Go to Tools->Add-on Manager
2. click "Browse All Add-ons
3. Or, browse to ""
Actual Results:  
"Secure Connection Failed" uses an invalid security certificate.
The certificate is only valid for *
(Error code: ssl_error_bad_cert_domain)

Expected Results:  
Mozilla add-ons site loads in browser.

Happens in browser and click.
hg identify: 8ef97925ead2 tip

In Shiretoko, happens in browse, but not in add-on manager link.
I'm a bit confused why the "Browser All Add-ons" link works fine in Firefox 3.5 beta build (this is what you meant with your last sentence?). Anyway, this is due to Bug 159483 being fixed.
Add-ons team: You need to change/fix your security certificates, see Bug 159483. I do not see a good summary of the changes in that bug, but the conclusion seems to be: * now no longer matches every character but every character except the dot.
Component: General → Public Pages
Product: SeaMonkey →
QA Contact: general → web-ui
Summary: When in Tools->Add-on Manager, clicking "Browse All Add-ons" rejects valid wildcard certificate * for → Add-ons page uses * in SSL cert for and other pages shouldn't exist. If SeaMonkey is linking there, I'm pretty sure that's incorrect. Firefox uses for in-product links.
Ok, that's SeaMonkey using the wrong URL then, sorry! Back to SeaMonkey...
Component: Public Pages → General
Product: → SeaMonkey
QA Contact: web-ui → general
Version: unspecified → Trunk
Justin: Can you take a quick look at (line 431, anchors are currently broken in hg blame) if we should change the other Add-ons URLs there, too? It looks like we used to .org there as .com was/is MoCo specific stuff and worked at that time (Bug 414918 Comment 2).
This is what Firefox uses:

Basically, all of the are correct, but anything add-ons.mozilla should be .com.

Wil, reed, can you verify this?

It's also possible that SeaMonkey may not want to use URLs, in which case instead of you could just use (It's ridiculously and unnecessarily complicated, yes)
Please just use where you can... I'm trying my best to deprecate the use of <locale>
In particular, see bug 398938, bug 454300, and bug 471834 for my work-in-progress. I got delayed by bug 471834, so I need to get with the AMO team to get that changed before I can fix bug 454300.
Attached patch PatchSplinter Review
Assignee: nobody → bugzilla
Ever confirmed: true
Attachment #373372 - Flags: review?(kairo)
(In reply to comment #6)
> Please just use where you can... I'm trying my best
> to deprecate the use of <locale>

Yes, do this.  It's easiest for everyone.
(In reply to comment #8)
> Created an attachment (id=373372) [details]
> Patch

Seems to fix the issue. Verified.
Comment on attachment 373372 [details] [diff] [review]

I'll defer this to reed. rs=me for using the URLs reed says work now and with the work he's doing.
Attachment #373372 - Flags: review?(kairo) → review?(reed)
Comment on attachment 373372 [details] [diff] [review]

Yeah, this looks fine and works correctly per my testing. As an off-topic side note, I noticed that SeaMonkey has yet to port bug 449027 and bug 468526 over from Firefox. Can somebody get to those?
Attachment #373372 - Flags: review?(reed) → review+
Pushed to comm-central, changeset 401f2924175c.
I'll file a bug for porting those two bugs.
Closed: 11 years ago
Resolution: --- → FIXED
Filed&fixed Bug 489256 on the pref porting.
Target Milestone: --- → seamonkey2.0b1
Blocks: 497072
You need to log in before you can comment on or make changes to this bug.