SSL certificate validation broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox-3.0 (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Kubuntu Hardy, firefox 3.0.14 (today’s update)
You need to have CAcert.org’s Root CA Certificate imported for this.
https:/
Konqueror → works
Firefox → ssl_error_
The certificate itself has:
CN: *.blog.tarent.de
X.509v3 subjectAltName: DNS:blog.tarent.de
Apparently, nss only “sees” the subjectAltName? This works with Konqueror (as stated),
Lynx. Interestingly, Opera 10 seems to have similar issues.
Certificate dump:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 486942 (0x76e1e)
Signature Algorithm: sha1WithRSAEncr
Issuer: O=Root CA, OU=http://
Validity
Not Before: Sep 14 10:10:58 2009 GMT
Not After : Sep 14 10:10:58 2011 GMT
Subject: C=DE, ST=Nordrhein-
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2560 bit)
X509v3 extensions:
X509v3 Basic Constraints: critical
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
X509v3 Key Usage:
X509v3 Subject Alternative Name:
Signature Algorithm: sha1WithRSAEncr
Changed in firefox-3.0 (Ubuntu): | |
status: | New → Incomplete |
Is this still occurring with Firefox 3.0.19 or Firefox 3.6.16? If so, try updating libnss.