regression: Cannot add exception (sec_error_unknown_issuer)

RESOLVED INVALID

Status

()

RESOLVED INVALID
6 years ago
6 years ago

People

(Reporter: martin.vogt, Unassigned)

Tracking

16 Branch
x86_64
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Created attachment 683602 [details]
cannot_add_exeception.png

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6) Gecko/20100101 Firefox/10.0.6
Build ID: 2012071800

Steps to reproduce:


Hello,

I tried to add a certificate exception for:

https://egw.itwm.fhg.de/

- firefox 10.0.6 works
- firefox 16.0.2 (current) does not work

Because it worked before I mark it as a regression.

The two screenshots make it clear:

- firefox 16 says "This certificate is invalid" in dialog 1
- but in dialog 2 it says "Its a valid certificate"

dialog 2 offers the option to confirm the exception, and this is the problem.

regards,

Martin





Actual results:


I cannot confirm the exception (because the confim button is disabled)


Expected results:

 The confirm button should be usuable
(Reporter)

Comment 1

6 years ago
Created attachment 683604 [details]
can add exception

How it looks in ff 10.
Adding an exception work for me with Firefox 16.0.2
Do you see the same as bug 808511 ?

Can you please try a new profile just for a test:
http://support.mozilla.org/kb/Managing%20profiles
Component: Untriaged → Security: PSM
Product: Firefox → Core
(Reporter)

Comment 3

6 years ago
(In reply to Matthias Versen (Matti) from comment #2)
> Adding an exception work for me with Firefox 16.0.2
Unfortunately the server admin made a workaround,
so its working now for me too. He added a rewrite rule:

So on connect you get redirected to:
 egw.itwm.fhg.de->egw.itwm.fraunhofer.de,

So the bug must be somewhere in the area:
"Certificate Subject Alt Name."

The certificate is issued for egw.itwm.fraunhofer.de, but the
intial http connect was done with egw.itwm.fhg.de.
If you view the details of the certificate the certificate
is certified for alternative names:
DNS Name: egw.itwm.fhg.de
DNS Name: egw.itwm.fraunhofer.de

If I manually change the Location in the dialog
"Add Security Exception" I can reproduce the behavior
as before.


> Do you see the same as bug 808511 ?
No. My test "add/remove" execpetion and try again worked here
(16.0.2)

> 
> Can you please try a new profile just for a test:
> http://support.mozilla.org/kb/Managing%20profiles

After it worked with the new profile I re-tested
with the old, which worked too. Then the admin
told me that he added the re-write rule.
So its not the profile....

The attached screenshot shows how the get the
behaviour back as before.
(Reporter)

Comment 4

6 years ago
Created attachment 684358 [details]
get behaviour back, even with rewrite
I have problems to follow your report.
I tested with https://egw.itwm.fhg.de/ and the redirect doesn't matter because you have to already add an exception before the redirect is followed.

1) open https://egw.itwm.fhg.de/
2) security warning is triggered
3) adding an exception works as expected
4) The redirect is loaded and executed
5) The new URL triggers again a security warning
6a) adding a security exception for this URL works
6b) changing the URL to https://egw.itwm.fhg.de/ in the exception dialog fails as seen on the screenshot but that is expected due to the added exception in Step 3
(Reporter)

Comment 6

6 years ago
Ok, I cannot reproduce it too,
I will open another bugreport if it happens again,
and I'm setting the status to invalid.

But thanks for your help.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.