Bug 688822: SSL Certificate warning confirm exception button does not do anything
Status: RESOLVED DUPLICATE of bug 1092243
Opened 13 years ago, closed 9 years ago
Categories: Core :: Security: PSM, defect, P1
People: Reporter: barnett.thomas, Unassigned
References: Depends on 1 open bug
Details: Keywords: regression, Whiteboard: [psm-cert-exceptions][psm-roadblock]
Attachments: 1 file (63.26 KB, image/png)
sub.example.com is a domain hosted on WHM/cPanel. cPanel provides a control panel accessed via https://sub.domain.com:2083 with a self-signed certificate.
sub.domain.com also has a valid SSL certificate from a CA recognized by Firefox.
Using Firefox, user visits https://sub.domain.com:2083 and accesses cPanel after usual certificate warning, adding exception, permanently storing and confirming the exception.
This works as long as user does not visit the actual site https://sub.domain.com. Once the domain itself is visited, https://sub.domain.com:2083 does not work anymore and access to cPanel control panel is not possible. The usual certificate warning is given, but "Confirm exception" button does not do anything.
These are the steps followed to repeat the problem:
1- Create a new profile, no add-ons
2- Visit https://sub.domain.com:2083 (cPanel, cert warning)
3- Add exception
4- Confirm exception, permanently store
5- cPanel control panel is displayed
6- Visit https://sub.domain.com (actual site with valid SSL cert)
7- Repeat steps 2-4, "Confirm exception" does nothing, staying in "This Connection is Untrusted" page
9- Remove stored exceptions from "Options...> Servers and Authorities"
10- Delete cert8.db and cert_override.txt in the profile
11- Restart and try step 7, with the same result.
This does not happen in Internet Explorer 8,9 or Chrome 13,14
Can you provide a minimized testcase or URL which reproduces this bug?
Keywords: testcase-wanted
Also, is the certification self-signed? If so, this is likely a duplicate of bug 552976.
It turns out that this is due to caching by a downstream proxy.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Oops, no. After access to actual domain, the problem is still there.
Here is the URL you can try.
1- Visit https://shop.baileyguitars.co.uk:2083 -> cert warning, perm. store and confirm exception. cPanel login page displays.
2- Visit https://shop.baileyguitars.co.uk
3- Try step 1 again. "Confirm exception" button does not do anything
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
I just tried your steps in comment 4 in Firefox 8.0b1 and I cannot reproduce this bug.
1) Visit https://shop.baileyguitars.co.uk:2083
Connection is Untrusted page because...
"The certificate is not trusted because it is self-signed"
"The certificate is only valid for vps.comptayr.co.uk"
"Error code: sec_error_untrusted_issuer"
2) "I Understand the Risks" > "Add Exception" > "Confirm Security Exception" and check "Permanently store this exception"
cPanel login page appears
3) Visit https://shop.baileyguitars.co.uk
Page loads with a BLUE site identity background displaying the following identity info:
"You are connected to baileyguitars.co.uk which is run by (unknown) Verified by Starfield Technologies Inc."
4) Click the BACK button
Popup notification displaying the same information in step 1.
5) Visit https://shop.baileyguitars.co.uk:2083
Connection Untrusted page displays with the same information as step 1. However, this time the "I Understand the Risks" section is non-existent.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: testcase-wanted
OS: Windows 7 → All
Hardware: x86 → All
Version: 6 Branch → unspecified
Thomas, would you kindly use our mozregression tool to see if this is a regression?
http://harthur.github.com/mozregression/
Keywords: regressionwindow-wanted
Comment 8•13 years ago
Tested with STR in comment#5.
Regression window(cached m-c hourly),
Works:
http://hg.mozilla.org/mozilla-central/rev/46f402c75824
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b5pre) Gecko/20100824 Minefield/4.0b5pre ID:20100824084651
Fails:
http://hg.mozilla.org/mozilla-central/rev/a90640c20652
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b5pre) Gecko/20100824 Minefield/4.0b5pre ID:20100824110352
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=46f402c75824&tochange=a90640c20652
Triggered By:
5dc3c2d2dd4f Sid Stamm — Bug 495115 - Implement Strict-Transport-Security to allow sites to specify HTTPS-only connections, r=kaie+honzab+bjarne, a=betaN+
Blocks: 495115
Updated•13 years ago
Keywords: regressionwindow-wanted → regression
Updated•13 years ago
Component: Security → Security: PSM
Priority: -- → P1
Product: Firefox → Core
QA Contact: firefox → psm
Whiteboard: [psm-cert-exceptions][psm-roadblock]
Comment 9•13 years ago
This might be related to bug 660749, but it sounds sufficiently different to keep it as a separate bug.
Depends on: CVE-2011-0082
Comment 10•9 years ago
Given comment 8 this is almost certainly bug 1092243.
Status: NEW → RESOLVED
Closed: 13 years ago → 9 years ago
Resolution: --- → DUPLICATE
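Comment 8 traces the regression to the changeset that implemented Strict-Transport-Security. The sketch below is an added example, not Firefox code and not part of the original thread: it models the RFC 6797 rules (policy noted only over error-free TLS, matching on host name without the port, no certificate override for a known HSTS host) that would produce the reported symptom. It assumes the site on port 443 sends an HSTS header, which the thread does not show; the header value and all names are hypothetical.

```javascript
// Added illustration of an HSTS store per RFC 6797; names are hypothetical, not Firefox/PSM code.
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }
  // Parse a Strict-Transport-Security value; null when max-age is missing or invalid.
  static parse(value) {
    let maxAge = null, includeSubDomains = false;
    for (const part of value.split(';')) {
      const [name, raw = ''] = part.trim().split('=');
      const key = name.trim().toLowerCase();
      if (key === 'max-age') {
        const v = raw.trim().replace(/^"(.*)"$/, '$1');
        if (!/^\d+$/.test(v)) return null;
        maxAge = Number(v);
      } else if (key === 'includesubdomains') includeSubDomains = true;
    }
    return maxAge === null ? null : { maxAge, includeSubDomains };
  }
  // A policy is noted only from HTTPS without certificate errors (RFC 6797, 8.1).
  noteResponse(url, stsHeader, tlsOk, now = Date.now()) {
    const u = new URL(url);
    const p = stsHeader ? HstsStore.parse(stsHeader) : null;
    if (u.protocol !== 'https:' || !tlsOk || !p) return false;
    if (p.maxAge === 0) { this.hosts.delete(u.hostname); return true; }
    // Keyed by host name only: the port is not part of the key.
    this.hosts.set(u.hostname,
      { expires: now + p.maxAge * 1000, includeSubDomains: p.includeSubDomains });
    return true;
  }
  isKnownHstsHost(host, now = Date.now()) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const e = this.hosts.get(labels.slice(i).join('.'));
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
  // RFC 6797, 12.1: no user recourse for TLS errors on a known HSTS host.
  mayOfferCertException(url, now = Date.now()) {
    return !this.isKnownHstsHost(new URL(url).hostname, now);
  }
}

// Replay of the reported steps; the header value is constructed (assumption).
function replayReport(host = 'sub.domain.com') {
  const s = new HstsStore(), cpanel = `https://${host}:2083/`;
  s.noteResponse(cpanel, 'max-age=31536000', false); // self-signed: header ignored
  const before = s.mayOfferCertException(cpanel);
  s.noteResponse(`https://${host}/`, 'max-age=31536000', true); // valid cert on 443
  return { before, after: s.mayOfferCertException(cpanel) };
}
```

In this model the exception for port 2083 is available before the visit to port 443 and unavailable afterwards, until the noted policy expires or is cleared with `max-age=0`.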