Closed Bug 683454 Opened 13 years ago Closed 12 years ago

Invalid handling of expired SSL certificate

Categories

(Core :: Security: PSM, defect)

6 Branch
x86_64
Windows 7
defect
Not set
normal

RESOLVED DUPLICATE of bug 659736

People

(Reporter: krojew, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0
Build ID: 20110812101623

Steps to reproduce:

After entering a site with an invalid (expired) certificate, Firefox showed the warning page. On the add exception dialog, the certificate was listed as valid, although Certificate Viewer correctly shows the certificate as expired. There seems to be an inconsistency in certificate validation that could possibly lead to accepting invalid certificates.


Actual results:

Firefox shows the certificate is valid and invalid at the same time.


Expected results:

Firefox should show the certificate as expired on all occasions.
OS: Linux → Windows 7
Not an exploit that needs to remain hidden.
Group: core-security
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
Bug confirmed for versions 5 and 6 on Debian Linux as well.

I also want to point out that this bug also affects functionality:

* Given a (for example, internal) website you trust, the "Untrusted connection warning" gets displayed
* Trying to add an exception fails since the certificate is shown as valid on the "Add Security Exception" dialog and the "Confirm Security Exception" button is disabled
* There is no easy way to force the browser to enter the page anyway
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE