Closed
Bug 768515
Opened 12 years ago
Closed 9 years ago
SSL Certificate Chain Verification False Negative
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: patrick.strateman, Unassigned)
Details
(Keywords: testcase-wanted)
An https server providing the complete certificate chain in which the trust anchor is an intermediary results in the chain being rejected as invalid.
An example of this behavior is the StartCom certificate authority.
The trust anchor loaded in firefox is "CN=StartCom Certification Authority"
However the actual root of the chain is "CN=StartCom Certification Authority G2"
If the full certificate chain including "CN=StartCom Certification Authority G2" is provided by the https server the chain will be rejected.
Having the https server provide only the site specific certificate and "CN=StartCom Class 2 Primary Intermediate Server CA" results in success.
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
I can setup a demonstration server if necessary.
Updated•12 years ago
|
Component: Networking → Security: PSM
QA Contact: networking → psm
Comment 1•12 years ago
|
||
Eddy: Can you take a look ?
(In reply to Patrick Strateman from comment #0)
> I can setup a demonstration server if necessary.
If you can, that would be great, thanks.
Keywords: testcase-wanted
Comment 3•9 years ago
|
||
Hello Partic, Is this still an issue for you? If yes, can you please get back to requested info in comment 2. Thanks!
Flags: needinfo?(patrick.strateman)
Comment 4•9 years ago
|
||
Resolved-Incomplete due to time since last communication/update by reporter.
Please feel free to reopen if the error occurs in a current Firefox version.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
Reporter | ||
Updated•6 years ago
|
Flags: needinfo?(patrick.strateman)
You need to log in
before you can comment on or make changes to this bug.
Description
•