Closed Bug 583297 Opened 14 years ago Closed 14 years ago

Using absolute Domain Names will make certificate check fail

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 134402

People

(Reporter: riedel, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

If using the correct FQDN ie. absolute DNS Notation the certificate check fails.


See RFC 1034:"Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot."

Reproducible: Always

Steps to Reproduce:
1. Browse to https://www.mozilla.org./
2. Browse to https://www.mozilla.org/

Actual Results:  
First alternative gives "This Connection is Untrusted"


Relates to Bug #234058, which IMHO wrongly assumes relative notations as fully qualified names. Users should use absolute notation with a trailing dot to be sure they reach the server they intent to. Firefox should rather automatically expand relative domain names if this is a security problem.
Assignee: nobody → nobody
Component: Security → Libraries
Product: Core → NSS
QA Contact: toolkit → libraries
Status: UNCONFIRMED → NEW
Ever confirmed: true
This issue has come up before.  Please look for the duplicate bug.
It might be a PSM bug.  It's not an NSS problem.
Found it.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.