Bug 440423 - [REHL5 U2] FireFox does not allow to override SEC_ERROR_INADEQUATE_KEY_USAGE
[REHL5 U2] FireFox does not allow to override SEC_ERROR_INADEQUATE_KEY_USAGE
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xulrunner (Show other bugs)
5.2
All Linux
low Severity high
: rc
: ---
Assigned To: Gecko Maintainer
desktop-bugs@redhat.com
https://192.168.77.18/
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-03 10:24 EDT by Jeff Burke
Modified: 2008-05-21 10:25 EDT (History)
3 users (show)

See Also:
Fixed In Version: RHEA-2008-0479
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 10:25:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 427081 None None None Never

  None (edit)
Description Jeff Burke 2008-04-03 10:24:04 EDT
Description of problem:
 Looks like Firefox 3 isn't accepting self-signed certificates anymore - There
is no way to add this ip to the exception list that I have found.

Version-Release number of selected component (if applicable):
firefox-3.0-0.beta4.1.el5


How reproducible:
Always

Steps to Reproduce:
1. Open this URL https://192.168.77.18/
2.
3.
  
Actual results:
Message Displayed
"Secure Connection Failed

An error occurred during a connection to 192.168.77.18.
Certificate key usage inadequate for attempted operation.
(Error code: sec_error_inadequate_key_usage)

The page you are trying to view can not be shown because the authenticity of the
received data could not be verified.
    * Please contact the web site owners to inform them of this problem."

Expected results:
I was able to open this prior to the FF3 update

Additional info:
 -
http://forums.mozillazine.org/viewtopic.php?p=3214810&sid=83ec36b154173a769dcf000463a6b153

 -
http://groups.google.com/group/mozilla.feedback.firefox.prerelease/browse_thread/thread/885b8914a0cc9e80
Comment 1 Michal Babej 2008-04-04 09:54:53 EDT
I have just connected to a page with self-signed cert, it works in ff3 (same
version).

I think the error refers to incorrect certificate usage (e.g. some certificates
are only valid for signing emails....), but i'm no expert on ssl. Perhaps try to
generate a new certificate for server usage ?
Comment 2 Jeff Burke 2008-04-04 10:31:41 EDT
Michal,
   Did you connect to the host in "Steps to Reproduce". Were you able to create
an exception for this host https://192.168.77.18/
Comment 3 Matěj Cepl 2008-04-04 11:59:32 EDT
(In reply to comment #2)
>    Did you connect to the host in "Steps to Reproduce". Were you able to create
> an exception for this host https://192.168.77.18/

Except,
this bug is supposed to be about self-signed certificates, which is not the case
here. Here the certificates is rejected because it is defective.

True self-signed certificates work without a hitch.
Comment 4 Matěj Cepl 2008-04-04 12:10:34 EDT
Ken, what do you think?
Comment 5 Kai Engert (:kaie) 2008-04-04 14:04:36 EDT
While related to SSL, the required fix is not at the NSS, but at the Firefox
application level.

We can try to get it fixed. See https://bugzilla.mozilla.org/show_bug.cgi?id=427081
Comment 6 Christopher Aillon 2008-04-08 11:32:30 EDT
Moving back to firefox
Comment 12 errata-xmlrpc 2008-05-21 10:25:08 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2008-0479.html

Note You need to log in before you can comment on or make changes to this bug.