Using absolute Domain Names will make certificate check fail

RESOLVED DUPLICATE of bug 134402

Status

NSS
Libraries
--
minor
RESOLVED DUPLICATE of bug 134402
8 years ago
8 years ago

People

(Reporter: riedel, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

If using the correct FQDN ie. absolute DNS Notation the certificate check fails.


See RFC 1034:"Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot."

Reproducible: Always

Steps to Reproduce:
1. Browse to https://www.mozilla.org./
2. Browse to https://www.mozilla.org/

Actual Results:  
First alternative gives "This Connection is Untrusted"


Relates to Bug #234058, which IMHO wrongly assumes relative notations as fully qualified names. Users should use absolute notation with a trailing dot to be sure they reach the server they intent to. Firefox should rather automatically expand relative domain names if this is a security problem.
Assignee: nobody → nobody
Component: Security → Libraries
Product: Core → NSS
QA Contact: toolkit → libraries
Status: UNCONFIRMED → NEW
Ever confirmed: true
This issue has come up before.  Please look for the duplicate bug.
It might be a PSM bug.  It's not an NSS problem.
Found it.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 134402
You need to log in before you can comment on or make changes to this bug.