Closed
Bug 683454
Opened 13 years ago
Closed 13 years ago
Invalid handling of expired SSL certificate
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 659736
People
(Reporter: krojew, Unassigned)
Details
Attachments
(1 file)
(deleted),
image/png
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0 Build ID: 20110812101623 Steps to reproduce: After entering a site with invalid (expired) certificate, Firefox showed the warning page. On add exception dialog, the certificate was listed as valid, although Certificate Viewer correctly shows the certificate as expired. There seems to be an inconsistency in certificate validation that could possibly lead to accepting invalid certificates. Actual results: Firefox show the certificate is valid and invalid at the same time. Expected results: Firefox should show the certificate as expired on all occasions.
Reporter | ||
Updated•13 years ago
|
OS: Linux → Windows 7
Updated•13 years ago
|
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
Comment 2•13 years ago
|
||
Bug confirmed for versions 5 and 6 on Debian Linux as well. I also want to point out that this bug also affects functionality: * Given a (for example, internal) website you trust the "Untrusted connection warning" gets displayed * Trying to add an exception fails since the certificate is shown as valid on the "Add Security Exception" dialog and the "Confirm Security Exception" button is disabled * There is no easy way to force the browser to enter the page anyway
Updated•13 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•