Closed
Bug 491406
Opened 15 years ago
Closed 15 years ago
*.wiki.sourceforge.net not valid site for *.sourceforge.net SSL certificate
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: p_ansell, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4

*.wiki.sourceforge.net sites can't utilise the *.sourceforge.net issued SSL certificate according to the default SSL certificate checking mechanism

Reproducible: Always

Steps to Reproduce:
1. Go to https://bio2rdf.wiki.sourceforge.net/ or https://www.wiki.sourceforge.net/

Actual Results:
See error saying that certificate issued for *.sourceforge.net is not valid for bio2rdf.wiki.sourceforge.net when it might be expected to be valid and trusted from a user's point of view.

Expected Results:
Allow access to secure site using the given certificate.
Updated•15 years ago
Component: Phishing Protection → Security
QA Contact: phishing.protection → firefox
Comment 1•15 years ago
I believe this behaviour is as-designed, since our interpretation of wildcards is specified to only go one level "deep." In any event though, moving this to NSS, where the decision is made.
Assignee: nobody → nobody
Component: Security → Libraries
Product: Firefox → NSS
QA Contact: firefox → libraries
Comment 2•15 years ago
Historically, Mozilla has been the only browser that allowed a wildcard character to match multiple levels of subdomain. This behavior did not conform to the relevant RFC, and became viewed as a security risk, so Firefox 3.5 has changed to conform to RFC 2818. See bug 159483.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
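The one-level wildcard rule described in comments 1 and 2, as an added example that is not part of the bug thread and is not NSS code: a matcher that can be switched between single-label matching and the older multi-level matching, run against the hosts from the report. The function names are hypothetical, only a leftmost label of exactly "*" is treated as a wildcard, and www.sourceforge.net and sourceforge.net are constructed sample hosts.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not NSS source. Function names are hypothetical and
 * only patterns whose leftmost label is exactly "*" are treated as wildcards. */

/* Case-insensitive equality of two NUL-terminated DNS names. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns 1 if host matches pattern. multi_level == 0: "*" stands for exactly
 * one DNS label (the one-level rule from the thread). multi_level == 1: "*"
 * may also span dots (the older behaviour the thread says was dropped). */
static int wildcard_match(const char *pattern, const char *host, int multi_level)
{
    size_t plen = strlen(pattern), hlen = strlen(host);

    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);      /* no wildcard: exact match */

    const char *suffix = pattern + 1;         /* e.g. ".sourceforge.net" */
    size_t slen = plen - 1;
    if (hlen <= slen || !eq_nocase(host + (hlen - slen), suffix))
        return 0;                             /* "*" must cover something */

    size_t covered = hlen - slen;             /* bytes the "*" has to cover */
    if (!multi_level && memchr(host, '.', covered) != NULL)
        return 0;                             /* "*" would have to span a dot */
    return 1;
}

int main(void)
{
    const char *pattern = "*.sourceforge.net";
    /* Two hosts from the report plus two constructed ones. */
    const char *hosts[] = { "www.sourceforge.net", "bio2rdf.wiki.sourceforge.net",
                            "www.wiki.sourceforge.net", "sourceforge.net" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-30s one-label=%d multi-level=%d\n", hosts[i],
               wildcard_match(pattern, hosts[i], 0),
               wildcard_match(pattern, hosts[i], 1));
    return 0;
}
```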
Comment 3•15 years ago
Insane that one needs to tell people to do the following: You will need to click on the "Add Exception..." link, ignore the warning about "You are about to override how Firefox identifies this site. Legitimate banks, stores, and other public sites will not ask you to do this.". Click on "Get Certificate" and then click on "Confirm Security Exception".
Comment 4•15 years ago
Almost as insane as people putting certificates on their web servers that do not match the DNS names used by those servers, and then expecting all to work without any errors.