Closed
Bug 974500
Opened 10 years ago
Closed 10 years ago
Firefox 29 and 30 aren't matching c.eu2.content.force.com with a wildcard subjectAlternativeName entry in eu2.force.com's certificate
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 973592
Tracking | Status | |
---|---|---|
firefox28 | --- | unaffected |
firefox29 | --- | affected |
firefox30 | --- | affected |
People
(Reporter: mozilla, Unassigned)
References
()
Details
(Keywords: regression)
User Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20140212131424

Steps to reproduce:

Logging into Salesforce.com using Firefox 29 or 30 unfortunately displays a certificate warning when it opens up https://c.eu2.content.force.com . That hostname is supported in the certificate as a wildcard name within the list of subjectAlternativeNames, which is DNS:*.eu2.force.com, DNS:*.eu2.visual.force.com, DNS:*.chatter.com, DNS:*.eu2.chatter.com, DNS:*.b.eu2.visual.force.com, DNS:*.cloudforce.com, DNS:*.secure.force.com, DNS:*.eu2.content.force.com, DNS:*.database.com, DNS:*.force.com, DNS:eu2.staticforce.com, DNS:*.eu2.cloudforce.com, DNS:*.eu2.my.cloudforce.com

Actual results:

Certificate warning on https://c.eu2.content.force.com

Expected results:

The page should have loaded successfully, set its cookie, and moved on to https://eu2.salesforce.com
Reporter | ||
Updated•10 years ago
|
Component: Untriaged → Security
OS: Linux → All
Priority: -- → P1
Hardware: x86 → All
Comment 2•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ecf20a2484b6&tochange=d812f80a0f1d

New version of NSS in that range. Brian are we doing the right thing by blocking this page load?
Blocks: 967153
Status: UNCONFIRMED → NEW
status-firefox28:
--- → unaffected
status-firefox29:
--- → affected
status-firefox30:
--- → affected
tracking-firefox30:
--- → ?
Component: Security → Security: PSM
Ever confirmed: true
Flags: needinfo?(brian)
Keywords: regression
Priority: P1 → --
Product: Firefox → Core
Updated•10 years ago
|
tracking-firefox29:
--- → ?
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(brian)
Resolution: --- → DUPLICATE
Comment 4•10 years ago
|
||
(In reply to Kevin Brosnan [:kbrosnan] from comment #2)
> https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ecf20a2484b6&tochange=d812f80a0f1d
>
> New version of NSS in that range. Brian are we doing the right thing by
> blocking this page load?

Please see bug 973592. We removed the root certificate that this site is using. We need to address the compatibility issues from doing so.
Updated•10 years ago
|
tracking-firefox29:
? → ---
tracking-firefox30:
? → ---
Reporter | ||
Comment 5•10 years ago
|
||
Thanks for the quick follow-up. That makes sense. Salesforce.com will need to update to a 2048-bit cert chain on its force.com endpoints.