Closed Bug 1520973 Opened 6 years ago Closed 6 years ago

certificate error page doesn't properly handle certificates with no valid names

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1483626

People

(Reporter: keeler, Unassigned)

References

(Blocks 1 open bug)

Details

If a certificate doesn't have any valid names (so missing or empty subject alternative name extension), the error page will show "The certificate is only valid for ." (See e.g. https://198.89.122.189:2087/ although I don't know how long that will be like that).

In NetErrorChild.jsm, we have:

  let subjectAltNames = input.data.certSubjectAltNames.split(",");
  let numSubjectAltNames = subjectAltNames.length;
  let msgPrefix = "";
  if (numSubjectAltNames != 0) {
    if (numSubjectAltNames == 1) {
      if (newErrorPagesEnabled) {
        technicalInfo.textContent = "";
        let brandName = gBrandBundle.GetStringFromName("brandShortName");
        msgPrefix = gPipNSSBundle.formatStringFromName("certErrorMismatchSinglePrefix3", [brandName, hostString], 2) + " ";
        msgPrefix += gPipNSSBundle.GetStringFromName("certErrorMismatchSinglePrefix");
      } else {
        msgPrefix = gPipNSSBundle.GetStringFromName("certErrorMismatchSinglePrefix");
      }

If input.data.certSubjectAltNames is an empty string, calling split will actually return an array with one element, which means that numSubjectAltNames will be 1, which leads us down the wrong path.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.