Closed
Bug 982879
Opened 10 years ago
Closed 10 years ago
(mozilla::pkix) https://www.sabam.be does not load in Fx30 with mozilla::pkix enabled
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 969188
People
(Reporter: mwobensmith, Unassigned)
References
()
Details
Requires turning on insanity::pkix via pref security.use_insanity_verification = true In Fx28 and Fx30 default - as well as Chrome 33 - site loads with an "Access Denied" page. In Fx30 with insanity::pkix enabled, we receive the error SEC_ERROR_BAD_DER instead and site does not load.
Comment 1•10 years ago
|
||
The Access Denied message is simply what this web site returns. It seems to have no content. That message has nothing to do with verification or anything we do in the browser.
What I'm seeing here is the site's cert chains to GTE CyberTrust Global Root, which is apparently an x509v1 cert. In insanity::pkix::CheckBasicConstraints, we do this: 178 if (endEntityOrCA == MustBeCA && isTrustAnchor) { 179 const CERTCertificate* nssCert = cert.GetNSSCert(); 180 181 der::Input versionDer; 182 if (versionDer.Init(nssCert->version.data, nssCert->version.len) 183 != der::Success) { 184 return RecoverableError; 185 } versionDer.Init fails because nssCert->version.data is null (because of it being a v1 cert) and sets the error to SEC_ERROR_BAD_DER. I believe the patch in bug 969188 will fix this.
Updated•10 years ago
|
Summary: (insanity::pkix) https://www.sabam.be does not load in Fx30 with insanity::pkix enabled → (mozilla::pkix) https://www.sabam.be does not load in Fx30 with mozilla::pkix enabled
(In reply to David Keeler (:keeler) from comment #2) > I believe the > patch in bug 969188 will fix this. Yep.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•