Closed Bug 982308 Opened 11 years ago Closed 11 years ago

(insanity::pkix) https://www.josefstadt.org/ does not load in Fx30 with insanity::pkix enabled

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
30 Branch
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED DUPLICATE of bug 982292

People

(Reporter: mwobensmith, Unassigned)

References

(
URL
)

Details

Requires turning on insanity::pkix via pref security.use_insanity_verification = true In Fx28 and Fx30 default - as well as Chrome 33 - site loads, but with an error page. In Fx30 with insanity::pkix enabled, we receive SEC_ERROR_INADEQUATE_CERT_TYPE instead and site does not load.
The certificate for this site is signed by 'Essential SSL CA', which has EKU of Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3) and Netscape Server Gated Crypto (2.16.840.1.113730.4.1) since insanity tries to enforce nesting EKU the cert fails. See https://mxr.mozilla.org/mozilla-central/source/security/insanity/lib/pkixbuild.cpp#244
(In reply to Camilo Viecco (:cviecco) from comment #1) > The certificate for this site is signed by 'Essential SSL CA', which has EKU > of Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3) and Netscape > Server Gated Crypto (2.16.840.1.113730.4.1) since insanity tries to enforce > nesting EKU the cert fails. See > https://mxr.mozilla.org/mozilla-central/source/security/insanity/lib/ > pkixbuild.cpp#244 Yes.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.