Closed
Bug 982308
Opened 11 years ago
Closed 11 years ago
(insanity::pkix) https://www.josefstadt.org/ does not load in Fx30 with insanity::pkix enabled
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 982292
People
(Reporter: mwobensmith, Unassigned)
References
()
Details
Requires turning on insanity::pkix via pref security.use_insanity_verification = true
In Fx28 and Fx30 default - as well as Chrome 33 - site loads, but with an error page.
In Fx30 with insanity::pkix enabled, we receive SEC_ERROR_INADEQUATE_CERT_TYPE instead and site does not load.
Comment 1•11 years ago
|
||
The certificate for this site is signed by 'Essential SSL CA', which has EKU of Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3) and Netscape Server Gated Crypto (2.16.840.1.113730.4.1) since insanity tries to enforce nesting EKU the cert fails. See https://mxr.mozilla.org/mozilla-central/source/security/insanity/lib/pkixbuild.cpp#244
Comment 2•11 years ago
|
||
(In reply to Camilo Viecco (:cviecco) from comment #1)
> The certificate for this site is signed by 'Essential SSL CA', which has EKU
> of Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3) and Netscape
> Server Gated Crypto (2.16.840.1.113730.4.1) since insanity tries to enforce
> nesting EKU the cert fails. See
> https://mxr.mozilla.org/mozilla-central/source/security/insanity/lib/
> pkixbuild.cpp#244
Yes.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•