Closed Bug 974500 Opened 10 years ago Closed 10 years ago

Firefox 29 and 30 aren't matching c.eu2.content.force.com with a wildcard subjectAlternativeName entry in eu2.force.com's certificate

Categories

(Core :: Security: PSM, defect)

29 Branch
defect
Not set
normal

RESOLVED DUPLICATE of bug 973592
Tracking Status
firefox28 --- unaffected
firefox29 --- affected
firefox30 --- affected

People

(Reporter: mozilla, Unassigned)

Details

(Keywords: regression)

User Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20140212131424

Steps to reproduce:

Logging into Salesforce.com using Firefox 29 or 30 unfortunately displays a certificate warning when it opens up https://c.eu2.content.force.com. That hostname is supported in the certificate as a wildcard name within the list of subjectAlternativeNames, which is DNS:*.eu2.force.com, DNS:*.eu2.visual.force.com, DNS:*.chatter.com, DNS:*.eu2.chatter.com, DNS:*.b.eu2.visual.force.com, DNS:*.cloudforce.com, DNS:*.secure.force.com, DNS:*.eu2.content.force.com, DNS:*.database.com, DNS:*.force.com, DNS:eu2.staticforce.com, DNS:*.eu2.cloudforce.com, DNS:*.eu2.my.cloudforce.com



Actual results:

Certificate warning on https://c.eu2.content.force.com


Expected results:

The page should have loaded successfully, set its cookie, and moved on to https://eu2.salesforce.com

Component: Untriaged → Security
OS: Linux → All
Priority: -- → P1
Hardware: x86 → All

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ecf20a2484b6&tochange=d812f80a0f1d

New version of NSS in that range. Brian are we doing the right thing by blocking this page load?

Blocks: 967153
Status: UNCONFIRMED → NEW
Component: Security → Security: PSM
Ever confirmed: true
Flags: needinfo?(brian)
Keywords: regression
Priority: P1 → --
Product: Firefox → Core
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(brian)
Resolution: --- → DUPLICATE

(In reply to Kevin Brosnan [:kbrosnan] from comment #2)
> https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ecf20a2484b6&tochange=d812f80a0f1d
> 
> New version of NSS in that range. Brian are we doing the right thing by
> blocking this page load?

Please see bug 973592. We removed the root certificate that this site is using. We need to address the compatibility issues from doing so.

Thanks for the quick follow-up. That makes sense. Salesforce.com will need to update to a 2048-bit cert chain on its force.com endpoints.
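
An added example, not part of the bug thread and not NSS or PSM code: a conservative RFC 6125-style check of the SAN list quoted in the report. It shows that c.eu2.content.force.com is covered by `*.eu2.content.force.com`, which is consistent with the reply that the warning came from the removed root rather than from name matching. The function names are hypothetical, and the rule that a wildcard stands for exactly one left-most label (with at least two labels after it) is this example's assumption, not a description of Firefox's matcher.

```python
# SAN dNSName entries as quoted in the bug report above.
SAN_DNS_NAMES = [
    "*.eu2.force.com", "*.eu2.visual.force.com", "*.chatter.com",
    "*.eu2.chatter.com", "*.b.eu2.visual.force.com", "*.cloudforce.com",
    "*.secure.force.com", "*.eu2.content.force.com", "*.database.com",
    "*.force.com", "eu2.staticforce.com", "*.eu2.cloudforce.com",
    "*.eu2.my.cloudforce.com",
]


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_entry_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers hostname.

    Assumed policy (conservative reading of RFC 6125): a wildcard is
    accepted only as the complete left-most label and stands for exactly
    one label, so "*.force.com" does not cover "a.b.force.com".
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Require at least two labels after the wildcard (rejects "*.com").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial-label wildcards such as "f*o.example.com" are rejected.
    return "*" not in pattern and p == h


def matching_entries(hostname, san_names=SAN_DNS_NAMES):
    """List every SAN entry that covers hostname."""
    return [s for s in san_names if san_entry_matches(s, hostname)]


if __name__ == "__main__":
    hosts = ("c.eu2.content.force.com", "eu2.force.com", "a.b.force.com")
    for host in hosts:
        print(host, "->", matching_entries(host) or "no match")
```

When the name check passes like this and the browser still warns, the next thing to inspect is chain building: which root the served chain terminates in and whether that root is still in the trust store.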