regression: Cannot add exception (sec_error_unknown_issuer)




6 years ago
6 years ago


(Reporter: martin.vogt, Unassigned)


16 Branch

Firefox Tracking Flags

(Not tracked)



(3 attachments)



6 years ago
Created attachment 683602 [details]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6) Gecko/20100101 Firefox/10.0.6
Build ID: 2012071800

Steps to reproduce:


I tried to add a certificate exception for:

- firefox 10.0.6 works
- firefox 16.0.2 (current) does not work

Because it worked before I mark it as a regression.

The two screenshots make it clear:

- firefox 16 says "This certificate is invalid" in dialog 1
- but in dialog 2 it says "Its a valid certificate"

dialog 2 offers the option to confirm the exception, and this is the problem.



Actual results:

I cannot confirm the exception (because the confim button is disabled)

Expected results:

 The confirm button should be usuable

Comment 1

6 years ago
Created attachment 683604 [details]
can add exception

How it looks in ff 10.
Adding an exception work for me with Firefox 16.0.2
Do you see the same as bug 808511 ?

Can you please try a new profile just for a test:
Component: Untriaged → Security: PSM
Product: Firefox → Core

Comment 3

6 years ago
(In reply to Matthias Versen (Matti) from comment #2)
> Adding an exception work for me with Firefox 16.0.2
Unfortunately the server admin made a workaround,
so its working now for me too. He added a rewrite rule:

So on connect you get redirected to:>,

So the bug must be somewhere in the area:
"Certificate Subject Alt Name."

The certificate is issued for, but the
intial http connect was done with
If you view the details of the certificate the certificate
is certified for alternative names:
DNS Name:
DNS Name:

If I manually change the Location in the dialog
"Add Security Exception" I can reproduce the behavior
as before.

> Do you see the same as bug 808511 ?
No. My test "add/remove" execpetion and try again worked here

> Can you please try a new profile just for a test:

After it worked with the new profile I re-tested
with the old, which worked too. Then the admin
told me that he added the re-write rule.
So its not the profile....

The attached screenshot shows how the get the
behaviour back as before.

Comment 4

6 years ago
Created attachment 684358 [details]
get behaviour back, even with rewrite
I have problems to follow your report.
I tested with and the redirect doesn't matter because you have to already add an exception before the redirect is followed.

1) open
2) security warning is triggered
3) adding an exception works as expected
4) The redirect is loaded and executed
5) The new URL triggers again a security warning
6a) adding a security exception for this URL works
6b) changing the URL to in the exception dialog fails as seen on the screenshot but that is expected due to the added exception in Step 3

Comment 6

6 years ago
Ok, I cannot reproduce it too,
I will open another bugreport if it happens again,
and I'm setting the status to invalid.

But thanks for your help.
Last Resolved: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.