Bug 440973 - certificate mismatch when viewing source files in FF3
certificate mismatch when viewing source files in FF3
Status: NEW
Product: Dogtag Certificate System
Classification: Community
Component: Build (Show other bugs)
1.0
All Linux
low Severity low
: ---
: ---
Assigned To: Matthew Harmsen
Ben Levenson
:
Depends On:
Blocks: DCS1.1
  Show dependency treegraph
 
Reported: 2008-04-04 14:53 EDT by Bob Lord
Modified: 2015-01-04 19:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bob Lord 2008-04-04 14:53:59 EDT
Description of problem: 
There is a certificate mismatch between the name of the subversion server and
the name in the certificate.

For example, when I perform a "svn info" command, I get back an HTTPS url as
follows:

==
$ svn info linux/common/pki-common.spec
Path: linux/common/pki-common.spec
Name: pki-common.spec
URL:
https://pki-svn.fedora.redhat.com/svn/pki/trunk/pki/linux/common/pki-common.spec
Repository Root: https://pki-svn.fedora.redhat.com/svn/pki
Repository UUID: c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Revision: 16
Node Kind: file
Schedule: normal
Last Changed Author: cfu
Last Changed Rev: 16
Last Changed Date: 2008-04-04 10:40:09 -0700 (Fri, 04 Apr 2008)
Text Last Updated: 2008-04-04 11:39:14 -0700 (Fri, 04 Apr 2008)
Checksum: 2ff1a394b50dccf00769c2143e29e537
==

That's fine.  But when I go to that HTTPS url, I get an error page in FF3.  The
error FF3 gives is:
==
Secure Connection Failed
pki-svn.fedora.redhat.com uses an invalid security certificate.

The certificate is not trusted because it is self signed.
The certificate is only valid for pki.fedoraproject.org.

(Error code: sec_error_ca_cert_invalid)
* This could be a problem with the server's configuration, or it could be
someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may
be temporary, and you can try again later.
==

At a minimum, let's fix the naming problem in the cert.  But ideally, we should
also make sure we have a cert that chains to a well known issuer.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Bob Lord 2008-04-04 15:08:30 EDT
Update: I re-checked out the source and the host-name error went away. (Thanks
Matt!)

So now the only problem is that it is a self-signed cert.
Comment 3 Chandrasekar Kannan 2008-08-28 14:33:18 EDT
per bug council on 08/27/2008 - removing from CS8.0 list
Comment 4 Chandrasekar Kannan 2008-08-28 14:57:36 EDT
Adding to tracking Bug 460573

Note You need to log in before you can comment on or make changes to this bug.