Closed Bug 945113 Opened 12 years ago Closed 5 years ago

StartSSL certificates are untrusted on Firefox for Android

Categories

(Firefox for Android Graveyard :: General, defect)

Version: 26 Branch
Hardware: All
OS: Android
Type: defect
Priority: Not set
Severity: normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: brian, Unassigned)

Hi! I recently noticed that StartSSL (https://www.startssl.com/) doesn't seem to be in the list of trusted CAs on Firefox for Android. When I try to visit a page that uses a certificate from them, for example https://gpg.bjb.io, I get an Untrusted Connection error with code `sec_error_unknown_issuer`. Note that StartSSL is supported by all major operating systems and browsers on desktop (according to this wiki page: https://en.wikipedia.org/wiki/Startssl#StartSSL). More information: I am on Android 4.3.1 (CyanogenMod 10.2 RC1). I've also noticed that Mobile Chrome and “Browser” don't trust StartSSL either. Doing an informal poll on Twitter, a handful of people were able to confirm the issue (I've CC'd dietrich, who was able to reproduce); however, David Dahl (also CC'd) was able to visit the site without warning.
Summary: StartSSL certificates are untrusted. → StartSSL certificates are untrusted on Firefox for Android
Can't reproduce in Fennec Stable or Aurora, running Android 4.3 on my HTC One.
Actually, scratch that. I can reproduce in Nightly (but only in Nightly).
Just did some more testing, I am able to reproduce on Stable, Beta and Nightly running Android 4.3.1 on an HTC One.
I'm also using an HTC One with 4.3. I could reproduce with 27-25 but not 28.
Hardware: x86 → All
Is it possible that your server configuration (or client timing) is introducing some randomness? E.g., SNI, Bug 450280, something like that?
For the record: requests made using Browser and Chrome (and also Firefox Sync and other non-Gecko network access in Firefox) will use the Android certificate store. Requests using Gecko, such as page loads, will use Necko and our own cert system.
I am using SNI on my server to serve up different certs, yeah. I can try disabling it tomorrow to see if that makes a difference.
However, in my own testing I was getting the right certificate (or at least if I wasn't, Firefox wasn't warning me) – it was only warning me about an unrecognized issuer.
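
The SNI question raised in the comments above can be checked from any machine with Python. The following is an added example, not part of the original bug thread or of any Mozilla code: it handshakes repeatedly with and without SNI and compares the SHA-256 fingerprint of the leaf certificate served. The names `fetch_leaf_der`, `probe_sni` and the injectable `fetch` parameter are assumptions made for this example.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf_der(host, port=443, sni=None, timeout=5.0):
    """Return the leaf certificate (DER bytes) the server sends for one handshake.

    Verification is disabled on purpose: the goal is to observe what is
    served, including certificates a client would reject, not to trust it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname=None means no SNI extension is sent at all.
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def probe_sni(host, port=443, rounds=3, fetch=fetch_leaf_der):
    """Handshake `rounds` times with and without SNI and compare leaf certs."""
    seen = {"with_sni": set(), "without_sni": set()}
    for _ in range(rounds):
        for label, name in (("with_sni", host), ("without_sni", None)):
            der = fetch(host, port, name)
            seen[label].add(hashlib.sha256(der).hexdigest())
    return {
        "with_sni": sorted(seen["with_sni"]),
        "without_sni": sorted(seen["without_sni"]),
        # More than one leaf for the same kind of request: serving is not
        # deterministic (the "randomness" asked about in the thread).
        "unstable": any(len(prints) > 1 for prints in seen.values()),
        # Clients that send no SNI receive a different certificate.
        "sni_dependent": seen["with_sni"] != seen["without_sni"],
    }


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe_sni.py <hostname>
    for key, value in probe_sni(sys.argv[1]).items():
        print(f"{key}: {value}")
```

A result with `sni_dependent` true and `unstable` false points at the SNI configuration; `unstable` true points at something varying between otherwise identical requests.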
We have completed our launch of our new Firefox on Android. The development of the new versions uses GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix), an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report, please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE
Product: Firefox for Android → Firefox for Android Graveyard