If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Don't match printable IP addresses with DNS names

RESOLVED DUPLICATE of bug 553754

Status

NSS
Libraries
RESOLVED DUPLICATE of bug 553754
8 years ago
8 years ago

People

(Reporter: Kathleen Wilson, Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
A recommendation has been made that code should be added in NSS to not match subject common names to "domain names" passed in by the client (browser) that appear to be IP addresses in dotted decimal form. It is not considered to be standards compliant for printable ASCII representations of IP addresses to be placed in any certificate field that is intended to hold DNS names, including the subject common name and the DNSName field of the Subject Alternative Names extension.

An example may be found at https://218.241.105.6
The SSL cert has an IP address in the CN.
taking.
Assignee: kaie → nelson
Component: CA Certificates → Libraries
QA Contact: root-certs → libraries
Summary: In NSS Don't allow Common Names with IP addresses → Don't match printable IP addresses with DNS names

Updated

8 years ago
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 553754
You need to log in before you can comment on or make changes to this bug.