Closed Bug 550592 Opened 12 years ago Closed 12 years ago

Don't match printable IP addresses with DNS names

Categories

(NSS :: Libraries, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 553754

People

(Reporter: kwilson, Assigned: nelson)

Details

A recommendation has been made that code should be added in NSS to not match subject common names to "domain names" passed in by the client (browser) that appear to be IP addresses in dotted decimal form. It is not considered to be standards compliant for printable ASCII representations of IP addresses to be placed in any certificate field that is intended to hold DNS names, including the subject common name and the DNSName field of the Subject Alternative Names extension.

An example may be found at https://218.241.105.6
The SSL cert has an IP address in the CN.
taking.
Assignee: kaie → nelson
Component: CA Certificates → Libraries
QA Contact: root-certs → libraries
Summary: In NSS Don't allow Common Names with IP addresses → Don't match printable IP addresses with DNS names
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 553754
You need to log in before you can comment on or make changes to this bug.