Bug 1520973 (Closed)
certificate error page doesn't properly handle certificates with no valid names
Opened 6 years ago, Closed 6 years ago
Categories: Firefox :: Security, enhancement
Status: RESOLVED DUPLICATE of bug 1483626
People: Reporter: keeler, Unassigned
References: Blocks 1 open bug
Details
If a certificate doesn't have any valid names (so missing or empty subject alternative name extension), the error page will show "The certificate is only valid for ." (See e.g. https://198.89.122.189:2087/ although I don't know how long that will be like that).
In NetErrorChild.jsm, we have:
    let subjectAltNames = input.data.certSubjectAltNames.split(",");
    let numSubjectAltNames = subjectAltNames.length;
    let msgPrefix = "";
    if (numSubjectAltNames != 0) {
      if (numSubjectAltNames == 1) {
        if (newErrorPagesEnabled) {
          technicalInfo.textContent = "";
          let brandName = gBrandBundle.GetStringFromName("brandShortName");
          msgPrefix = gPipNSSBundle.formatStringFromName("certErrorMismatchSinglePrefix3", [brandName, hostString], 2) + " ";
          msgPrefix += gPipNSSBundle.GetStringFromName("certErrorMismatchSinglePrefix");
        } else {
          msgPrefix = gPipNSSBundle.GetStringFromName("certErrorMismatchSinglePrefix");
        }
If input.data.certSubjectAltNames is an empty string, calling split will actually return an array with one element, which means that numSubjectAltNames will be 1, which leads us down the wrong path.
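The split behaviour described in the report, reproduced next to one way of counting names that treats an empty list as zero names. This is an added example, not Firefox code and not the fix that landed; the function names, the returned branch labels, the whitespace trimming and the sample host names are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not taken from NetErrorChild.jsm.

// Counts names the way the quoted snippet does.
// "".split(",") evaluates to [""], so an empty list is reported as 1 name.
function naiveNameCount(certSubjectAltNames) {
  return certSubjectAltNames.split(",").length;
}

// Splits the comma-separated list and drops empty entries, so a missing or
// empty subject alternative name list yields an empty array.
// Trimming whitespace is an assumption about the input format.
function parseSubjectAltNames(certSubjectAltNames) {
  if (typeof certSubjectAltNames !== "string") {
    return [];
  }
  return certSubjectAltNames
    .split(",")
    .map(name => name.trim())
    .filter(name => name.length > 0);
}

// Chooses which error-message branch applies; the labels are illustrative
// and do not correspond to real string bundle keys.
function mismatchMessageKind(certSubjectAltNames) {
  const names = parseSubjectAltNames(certSubjectAltNames);
  if (names.length === 0) {
    return "no-valid-names";
  }
  return names.length === 1 ? "single-name" : "multiple-names";
}

// Constructed sample inputs (not captured from a real certificate).
const samples = ["", "example.com", "example.com,www.example.com", ","];
for (const sample of samples) {
  console.log(
    JSON.stringify(sample),
    "naive count:", naiveNameCount(sample),
    "filtered count:", parseSubjectAltNames(sample).length,
    "branch:", mismatchMessageKind(sample)
  );
}
```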
Updated 6 years ago
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE