Closed Bug 52799 Opened 25 years ago Closed 24 years ago

Endless Unexpected Cert Name windows

Categories

(Core Graveyard :: Security: UI, defect, P1)

1.0 Branch
x86
All
defect

Tracking

(Not tracked)

VERIFIED WONTFIX

People

(Reporter: junruh, Assigned: ddrinan0264)

Details

(Whiteboard: [nsbeta3-][pdtp1][rtm-])

Linux and Win98 9/15 builds.
1.) Visit https://www.kmart.com
What is expected: Two Unexpected Cert Name windows to click through, as it happens with Netscape 4.76 with or without PSM.
What happens: More Unexpected Cert Name windows keep opening in Win98. I count 16 before the browser locks up. In Linux, the browser just locks up right away.
Keywords: nsbeta3
Marking nsbeta3+. It seems to me that this is as good as a hang on a major site. Setting to P1.
Priority: P3 → P1
Whiteboard: [nsbeta3+][pdtp1]
Marking nsbeta3-, won't hold PR3 for this. Nominating for rtm. FWIW, I didn't get the multiple dialog problem.
Keywords: rtm
Whiteboard: [nsbeta3+][pdtp1] → [nsbeta3-][pdtp1]
What we've found is that https://www.kmart.com in actuality fetches https://www.bluelight.com. bluelight.com appears to have many machines to handle the load on the site, and each machine has its own certificate. So when you go to the page, depending on current traffic, you may hit 1 or more of the machines. That number corresponds to the number of dialogs you should see. With Comm 4.x w/ PSM, I went to the site and got 2 warnings. With N6/Mozilla, unfortunately I get an endless stream of warnings. FWIW, I could not load https://www.kmart.com using IE 4.
Adding [rtm need info] to whiteboard.
Whiteboard: [nsbeta3-][pdtp1] → [nsbeta3-][pdtp1][rtm need info]
The kmart site is broken in two ways. The first is the DN mismatch (the site is www.kmart.com, its SSL cert is www.bluelight.com). This first problem is not such a big deal (we just throw up a name mismatch dialog), but it is compounded by a second problem that the site has. The site uses an SSL load balancer, so when N6 loads the main page of www.kmart.com, it connects to five or six different machines, each of which has its own SSL certificate with the wrong DN. This causes multiple Cert Name Mismatch dialogs to show. For us to fix this would require major changes to NSS or having PSM serialize SSL connections (a big performance hit). I'm inclined to not fix this and recommend a workaround of loading https://www.bluelight.com instead.
I just tried to access https://www.kmart.com/ using IE 5.5. IE returns an error which says "The page cannot be displayed". I just tried https://www.bluelight.com using N6. That works fine, and no error messages pop up. I agree that any change (which we don't yet have) would be high risk.
Marking thus rtm-.
Whiteboard: [nsbeta3-][pdtp1][rtm need info] → [nsbeta3-][pdtp1][rtm-]
Marking wontfix. The URL is no longer valid, and I haven't been able to reproduce this on any other site.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WONTFIX
Verified.
Status: RESOLVED → VERIFIED
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.1
Mass changing Security:Crypto to PSM
Product: PSM → Core
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard