|Summary:||Cannot add exception for expired cert|
|Product:||[Fedora] Fedora||Reporter:||Mike McLean <mikem>|
|Component:||firefox||Assignee:||Martin Stransky <stransky>|
|Status:||CLOSED DUPLICATE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||20||CC:||chemobejk, gecko-bugs-nobody, kengert, mikem, randomrnd, stransky|
|Fixed In Version:||Doc Type:||Bug Fix|
|Last Closed:||2014-01-07 16:59:59 UTC||Type:||Bug|
Description Mike McLean 2013-10-17 16:02:33 UTC
1) visit an https site with expired cert
2) untrusted dialog pops up, tech details says:
   some-server.com uses an invalid security certificate. The certificate expired on 10/17/2013 11:41 AM. The current time is 10/17/2013 11:59 AM. (Error code: sec_error_expired_certificate)
3) click "add exception"
4) popup claims certificate is "valid" and "verified" and refuses to add an exception
Comment 1 Martin Stransky 2013-10-18 10:47:22 UTC
Can you post the server name here? I saw it when the server does not have reverse DNS entry (IP to domain translation).
Comment 3 Steve 2013-11-08 13:10:04 UTC
In my case, tech details says:
************ uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for ************ (Error code: sec_error_cert_signature_algorithm_disabled)
then, in about:config, when I set security.enable_md5_signatures;false to true, it says:
(Error code: sec_error_ca_cert_invalid)
finally, when I add an exception, firefox displays:
The connection was reset
Downgrading firefox and xulrunner to version 21 (?), solves the problem.
firefox-25.0-3.fc19.x86_64
xulrunner-25.0-2.fc19.x86_64
Comment 4 Steve 2013-11-14 18:24:48 UTC
Ok, here is a workaround that works for me:
Starting Firefox in terminal with NSS_SSL_CBC_RANDOM_IV=0, solves the problem.
"NSS_SSL_CBC_RANDOM_IV=0 firefox"
Please see here: https://bugzilla.redhat.com/show_bug.cgi?id=890931
Or google -> NSS_SSL_CBC_RANDOM_IV=0
Comment 5 Martin Stransky 2014-01-06 14:37:36 UTC
Kai, any idea about this one? Thanks!
Comment 6 Kai Engert (:kaie) (inactive account) 2014-01-07 16:57:07 UTC
Martin, I'll look into it.
Comment 7 Kai Engert (:kaie) (inactive account) 2014-01-07 16:59:59 UTC
I believe this is a duplicate of bug 770682. If you can demonstrate a current site to reproduce this issue, please add a comment with a link to the site, reopen the bug, and I'll look into it right away. Thanks
*** This bug has been marked as a duplicate of bug 770682 ***
Comment 8 Stefan Becker 2014-01-07 17:04:39 UTC
(In reply to Kai Engert (:kaie) from comment #7)
> I believe this is a duplicate of bug 770682.
This bug is about firefox, that bug is about a similar problem with SIPE. I'll remove the duplicate assignment.
Comment 9 Kai Engert (:kaie) (inactive account) 2014-01-07 17:22:05 UTC
Stefan, both software used the same underlying NSS crypto library that implements the functionality (certificate validation) that you were using. The quoted environment variable isn't a property of Firefox, it's a property of that library.
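
Because the variable from comment 4 is read by NSS rather than by Firefox, as comment 9 notes, every NSS-linked program that inherits it is affected, and setting it to 0 turns off NSS's CBC record-splitting countermeasure for those processes. The following is an added example, not part of the bug report: a POSIX shell check that finds processes carrying the workaround. The function names and the sample process tree are constructed for illustration, and a Linux-style /proc layout is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): list processes that inherited
# NSS_SSL_CBC_RANDOM_IV=0. Assumes a Linux-style /proc layout.

# True if FILE (NUL-separated, like /proc/PID/environ) holds exactly that
# assignment. A value with an embedded newline could imitate a match.
has_cbc_workaround() {
    [ -r "$1" ] || return 1
    tr '\000' '\n' < "$1" | grep -qx 'NSS_SSL_CBC_RANDOM_IV=0'
}

# Print "PID COMM" for every process directory under ROOT that carries it.
audit_proc() {
    for dir in "${1:-/proc}"/[0-9]*; do
        [ -d "$dir" ] || continue
        has_cbc_workaround "$dir/environ" || continue
        printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null || echo '?')"
    done
    return 0
}

# Constructed sample tree: four fake processes, only PID 101 should be reported.
build_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/102" "$root/103" "$root/104"
    printf 'HOME=/home/u\000NSS_SSL_CBC_RANDOM_IV=0\000DISPLAY=:0\000' > "$root/101/environ"
    printf 'HOME=/home/u\000NSS_SSL_CBC_RANDOM_IV=1\000' > "$root/102/environ"
    printf 'HOME=/home/u\000DISPLAY=:0\000' > "$root/103/environ"
    printf 'OLD_NSS_SSL_CBC_RANDOM_IV=0\000' > "$root/104/environ"
    echo firefox > "$root/101/comm"; echo mailclient > "$root/102/comm"
    echo bash > "$root/103/comm"; echo bash > "$root/104/comm"
    printf '%s\n' "$root"
}

sample=$(build_sample_proc)
audit_proc "$sample"        # on a live host: audit_proc /proc (as root)
rm -rf "$sample"
```

/proc/PID/environ shows the environment a process was started with, so a hit means the setting was inherited from the launching shell, wrapper script or session configuration.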