Closed Bug 255136 Opened 20 years ago Closed 20 years ago

mm.jpmorgan.com's certificate is not authorized for serving web sites

Categories

(Tech Evangelism Graveyard :: English US, defect)

Product:
Tech Evangelism Graveyard
Component:
English US
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Unassigned)

References

(
URL
)

Details

http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html SEC_ERROR_INADEQUATE_CERT_TYPE -8101 Certificate type not approved for application. requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT; requiredCertType = NS_CERT_TYPE_SSL_SERVER; requiredKeyUsage 0x00004000 unsigned int requiredCertType 0x00000040 unsigned int - cert 0x02bd41c0 {arena=0x02bdbf20 {first={next=0x02bd41b0 {next=0x02bd49f8 base=0x02bd41c0 limit=0x02bd49c7 ...} base=0x02bdbf30 limit=0x02bdbf30 ...} current=0x02bd49f8 {next=0x00000000 {next=??? base=??? limit=??? ...} base=0x02bd4a08 limit=0x02bd520f ...} arenasize=0x00000800 ...} subjectName=0x02bd4a08 "CN=mm.jpmorgan.com,OU=ETS,O=JPMorgan Chase,L=New York,ST=New York,C=US" issuerName=0x02bd4a50 "OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU="VeriSign, Inc.",O=VeriSign Trust Network" ...} CERTCertificateStr * + arena 0x02bdbf20 {first={next=0x02bd41b0 {next=0x02bd49f8 {next=0x00000000 base=0x02bd4a08 limit=0x02bd520f ...} base=0x02bd41c0 limit=0x02bd49c7 ...} base=0x02bdbf30 limit=0x02bdbf30 ...} current=0x02bd49f8 {next=0x00000000 {next=??? base=??? limit=??? ...} base=0x02bd4a08 limit=0x02bd520f ...} arenasize=0x00000800 ...} PLArenaPool * + subjectName 0x02bd4a08 "CN=mm.jpmorgan.com,OU=ETS,O=JPMorgan Chase,L=New York,ST=New York,C=US" char * + issuerName 0x02bd4a50 "OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU="VeriSign, Inc.",O=VeriSign Trust Network" char * + signatureWrap {data={type=siBuffer data=0x02bd434c "0‚“ dôÎ;ô‘Óÿâ" len=0x00000297 } signatureAlgorithm={algorithm={type=siBuffer data=0x02bd45e7 "*†H†÷ " len=0x00000009 } parameters={type=siBuffer data=0x02bd45f0 "" len=0x00000002 } } signature={type=siBuffer data=0x02bd45f6 ",ÑÊ?1ÝsR€|O‘[TE½ 06(‹¾J,„¸#™Rœ8Á´EÅ™©¸ý%F)ËoÓÕz~÷ŽÇ¨ªˆŠÈ’Õ¬C†|^<ç`·<<Ëýf„I퀪ÚÊ]{ÑRŽïNu0Ii¹èùº!ašh¦\h§f2ÈŽó0|ÊÕE#ŸÚÚŒF½F½”F½˜F½" len=0x00000400 } } CERTSignedDataStr + derCert {type=siBuffer data=0x02bd4348 "0‚*0‚“ dôÎ;ô‘Óÿâ" len=0x0000032e } SECItemStr + derIssuer {type=siBuffer data=0x02bd4376 "0º10U VeriSign Trust Network10UVeriSign, Inc.1301U*VeriSign International Server CA - Class 31I0GU@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0 040512000000Z 050512235959Z0t10 UUS10UNew York10UNew York10U JPMorgan Chase10 UETS10Umm.jpmorgan.com0Ÿ0 *†H†÷ " len=0x000000bd } SECItemStr + derSubject {type=siBuffer data=0x02bd4453 "0t10 UUS10UNew York10UNew York10U JPMorgan Chase10 UETS10Umm.jpmorgan.com0Ÿ0 *†H†÷ " len=0x00000076 } SECItemStr + derPublicKey {type=siBuffer data=0x02bd44c9 "0Ÿ0 *†H†÷ " len=0x000000a2 } SECItemStr + certKey {type=siBuffer data=0x02bd48c0 "dôÎ;ô‘Óÿâ" len=0x000000cd } SECItemStr + version {type=siBuffer data=0x02bd4354 "dôÎ;ô‘Óÿâ" len=0x00000001 } SECItemStr + serialNumber {type=siBuffer data=0x02bd4357 "dôÎ;ô‘Óÿâ" len=0x00000010 } SECItemStr + signature {algorithm={type=siBuffer data=0x02bd436b "*†H†÷ " len=0x00000009 } parameters={type=siBuffer data=0x02bd4374 "" len=0x00000002 } } SECAlgorithmIDStr + issuer {arena=0x00000000 {first={next=??? base=??? limit=??? ...} current=??? arenasize=??? ...} rdns=0x02bd4678 } CERTNameStr + validity {arena=0x00000000 {first={next=??? base=??? limit=??? ...} current=??? arenasize=??? ...} notBefore={type=siUTCTime data=0x02bd4437 "040512000000Z 050512235959Z0t10 UUS10UNew York10UNew York10U JPMorgan Chase10 UETS10Umm.jpmorgan.com0Ÿ0 *†H†÷ " len=0x0000000d } notAfter={type=siUTCTime data=0x02bd4446 "050512235959Z0t10 UUS10UNew York10UNew York10U JPMorgan Chase10 UETS10Umm.jpmorgan.com0Ÿ0 *†H†÷ " len=0x0000000d } } CERTValidityStr + subject {arena=0x00000000 {first={next=??? base=??? limit=??? ...} current=??? arenasize=??? ...} rdns=0x02bd4720 } CERTNameStr + subjectPublicKeyInfo {arena=0x00000000 {first={next=??? base=??? limit=??? ...} current=??? arenasize=??? ...} algorithm={algorithm={type=siBuffer data=0x02bd44d0 "*†H†÷ " len=0x00000009 } parameters={type=siBuffer data=0x02bd44d9 "" len=0x00000002 } } subjectPublicKey={type=siBuffer data=0x02bd44df "0‰" len=0x00000460 } } CERTSubjectPublicKeyInfoStr + issuerID {type=siBuffer data=0x00000000 <Bad Ptr> len=0x00000000 } SECItemStr + subjectID {type=siBuffer data=0x00000000 <Bad Ptr> len=0x00000000 } SECItemStr + extensions 0x02bd4818 CERTCertExtensionStr * * + emailAddr 0x00000000 <Bad Ptr> char * + dbhandle 0x02b8aa88 {refCount=0x00000001 arena=0x02b97f48 {pool={first={next=0x02b8aa70 base=0x02b97f58 limit=0x02b97f58 ...} current=0x02b8aa70 {next=0x00000000 base=0x02b8aa80 limit=0x02b8b287 ...} arenasize=0x00000800 ...} lock=0x02b97fb0 marking_thread=0x00000000 ...} defaultCallback=0x00000000 {getInitPW=??? getNewPW=??? getPW=??? ...} ...} NSSTrustDomainStr * + subjectKeyID {type=siBuffer data=0x02bd4990 "q=]¥’¬ÏyhšÉJy6hÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚÚýýýýÝÝÝÝÝ " len=0x00000014 } SECItemStr keyIDGenerated 0x00000000 int keyUsage 0x000080a0 unsigned int rawKeyUsage 0x000080a0 unsigned int keyUsagePresent 0x00000001 int nsCertType 0x00000000 unsigned int keepSession 0x00000000 int timeOK 0x00000000 int + domainOK 0x00000000 {next=??? name=0x00000004 <Bad Ptr> } CERTOKDomainNameStr * isperm 0x00000000 int istemp 0x00000001 int + nickname 0x00000000 <Bad Ptr> char * + dbnickname 0x00000000 <Bad Ptr> char * + nssCertificate 0x02bdc5d8 {object={arena=0x02bdbd58 {pool={first={...} current=0x02bdc598 arenasize=0x00000800 ...} lock=0x02bdbdc0 marking_thread=0x00000000 ...} refCount=0x00000001 lock=0x02bdbe70 ...} type=NSSCertificateType_Unknown id={data=0x00000000 size=0x00000000 } ...} NSSCertificateStr * + trust 0x00000000 {sslFlags=??? emailFlags=??? objectSigningFlags=??? } CERTCertTrustStr * referenceCount 0x00000001 int + subjectList 0x00000000 {arena=??? ncerts=??? emailAddr=??? ...} CERTSubjectListStr * + authKeyID 0x00000000 {keyID={type=??? data=??? len=??? } authCertIssuer=??? authCertSerialNumber={type=??? data=??? len=??? } ...} CERTAuthKeyIDStr * isRoot 0x00000000 int authsocketlist 0x00000000 SECSocketNode * series 0x00000000 int + slot 0x00000000 {functionList=??? module=??? needTest=??? ...} PK11SlotInfoStr * pkcs11ID 0x00000000 unsigned long ownSlot 0x00000000 int > nss3.dll!CERT_KeyUsageAndTypeForCertUsage(SECCertUsageEnum usage=certUsageSSLServer, int ca=0x00000000, unsigned int * retKeyUsage=0x0140fb14, unsigned int * retCertType=0x0140fb2c) Line 1163 C nss3.dll!CERT_VerifyCert(NSSTrustDomainStr * handle=0x02b8aa88, CERTCertificateStr * cert=0x02bd41c0, int checkSig=0x00000001, SECCertUsageEnum certUsage=certUsageSSLServer, __int64 t=0x0003e15989b4a7b3, void * wincx=0x02d0b868, CERTVerifyLogStr * log=0x00000000) Line 1513 + 0x13 C nss3.dll!CERT_VerifyCertNow(NSSTrustDomainStr * handle=0x02b8aa88, CERTCertificateStr * cert=0x02bd41c0, int checkSig=0x00000001, SECCertUsageEnum certUsage=certUsageSSLServer, void * wincx=0x02d0b868) Line 1671 + 0x23 C ssl3.dll!SSL_AuthCertificate(void * arg=0x02b8aa88, PRFileDesc * fd=0x02ce1b80, int checkSig=0x00000001, int isServer=0x00000000) Line 251 + 0x22 C pipnss.dll!AuthCertificateCallback(void * client_data=0x00000000, PRFileDesc * fd=0x02ce1b80, int checksig=0x00000001, int isServer=0x00000000) Line 301 + 0x15 C++
This is an evanglism bug. (We don't usually have stack dumps in evangelism bugs.) It's an evangelism bug because a certain CA occasionally issues certs that have an extension that causes this problem. AFAIK, most of their certs do not have this problem, but a few do. I think this bug wishes that we "evangelize" them into ensuring that none of their certs have this problem.
The cert in question was apparently replaced on or before 2004-05-11. New cert looks and works jut fine.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.