Closed Bug 959300 Opened 12 years ago Closed 12 years ago

Firefox throws SSL Cert Error for non-normalized Google+ URL (trailing dot)

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 134402

People

(Reporter: bkerensa, Unassigned)

Details

Attachments

(1 file)

Screen Shot 2014-01-13 at 11.07.59 AM.png
178.99 KB, image/png
Details
What happened: When going to https://plus.google.com./ am displayed an SSL Certificate error saying a valid certificate does not exist yet it then explains one is available for *.google.com http://tools.ietf.org/search/rfc6125 seems to cover best practices for this area and I'm unsure whether this is a bug or an intended response. I know that Chrome handles the situation differently and normalizes the URL.
The domain you linked to is "plus.google.com.". Note the extra period on the end, which as far as DNS goes is perfectly valid. Also notice that "*.google.com", does not match an extra period on the end. Maybe the right thing to do in this case is to strip out that last period, since it is kind of a silly side-effect of how DNS works, but IMO the SSL error is valid.
Yeah the discussion came up here if you are interested https://plus.google.com/u/0/105660309458564946897/posts/8rHJ2P3swfd Firefox appears to be the only one to throw up an SSL error while imho it should error in another way or normalize the URL on the fly.
Safari and IE notably probably have the best behavior which is to allow Google's error which is "The page you requested is invalid."
Component: Untriaged → Security: PSM
Product: Firefox → Core
Summary: Firefox throws SSL Cert Error for non-normalized Google+ URL → Firefox throws SSL Cert Error for non-normalized Google+ URL (trailing dot)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: