certificate name confusion

VERIFIED INVALID

Status

Core Graveyard
Security: UI
P3
normal
VERIFIED INVALID
17 years ago
2 years ago

People

(Reporter: jtorres, Assigned: Stephane Saux)

Tracking

1.0 Branch
Future
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010628
BuildID:    0.9.2

When a site shows a certificate with two common names, only the second one (or
the last one?) is shown.
It also happens when you are importing a certificate with two or more  common names.
But worst of all is that it does the comparation in the sites with the wrong cn.

One example of this certificate:
cn=my name, cn=my company, o=my grand company

 

Reproducible: Always
Steps to Reproduce:
1. Create a certificate with two common names
2. try to import one of these certificates
3.

Expected Results:  Mozilla should check with the first one, and show the first one.
(Reporter)

Comment 1

17 years ago
Created attachment 43507 [details]
A test certificate (password:a)
Over to PSM
Assignee: mstoltz → ssaux
Status: UNCONFIRMED → NEW
Component: Security: General → Client Library
Ever confirmed: true
Product: Browser → PSM
QA Contact: ckritzer → junruh
Version: other → 2.0
(Assignee)

Comment 3

17 years ago
Reporter:
I have imported the certificate in the linux 0725200105.0.9.2 build and I don't
see a problem.  The certificate loads fine, and I don't see what is wrong with
it.  Please try a more recent build and provide some evidence that once the cert
you provided is loaded in a cert database, the cert viewer does not show the
proper data.

P3
future.
Severity: major → normal
Priority: -- → P3
Target Milestone: --- → Future
(Reporter)

Comment 4

17 years ago
Created attachment 43768 [details]
When the certificate is compared, it shows...
(Reporter)

Comment 5

17 years ago
Created attachment 43769 [details]
And the real subject is ....
(Assignee)

Comment 6

17 years ago
The X509 specs disallows multiple CN.
Marking INVALID.
The solution is to obtain a cert that has only one CN
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → INVALID

Comment 7

17 years ago
Verified invalid.
Status: RESOLVED → VERIFIED
Summary: certifica name confusion → certificate name confusion
(Reporter)

Comment 8

17 years ago
Hello,

I have the X509 spec V4 draft and I am not able to find the place where it is
said that only one CN is allowed.
It says that it maps a DN (that can have several CNs) with a public key (and
other things).

Please, could you tell me where did you found that limitation ?
Thank you again for this great product.

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.