diff --git a/browser/actors/NetErrorChild.jsm b/browser/actors/NetErrorChild.jsm index f2ce310a1786..654d2f362ad4 100644 --- a/browser/actors/NetErrorChild.jsm +++ b/browser/actors/NetErrorChild.jsm @@ -184,6 +184,10 @@ class NetErrorChild extends ActorChild { if (input.data.isDomainMismatch) { let subjectAltNames = input.data.certSubjectAltNames.split(","); let numSubjectAltNames = subjectAltNames.length; + + subjectAltNames = subjectAltNames.filter(name => name.length > 0); + numSubjectAltNames = subjectAltNames.length; + let msgPrefix = ""; if (numSubjectAltNames != 0) { if (numSubjectAltNames == 1) { diff --git a/browser/base/content/test/about/browser.ini b/browser/base/content/test/about/browser.ini index 2fd60c7a8356..64a86ed03f6d 100644 --- a/browser/base/content/test/about/browser.ini +++ b/browser/base/content/test/about/browser.ini @@ -13,6 +13,7 @@ prefs = [browser_aboutCertError_clockSkew.js] [browser_aboutCertError_exception.js] [browser_aboutCertError_mitm.js] +[browser_aboutCertError_noSubjectAltName.js] [browser_aboutCertError_telemetry.js] [browser_aboutHome_search_POST.js] [browser_aboutHome_search_composing.js] diff --git a/browser/base/content/test/about/browser_aboutCertError_noSubjectAltName.js b/browser/base/content/test/about/browser_aboutCertError_noSubjectAltName.js new file mode 100644 index 000000000000..1fcbc62740e3 --- /dev/null +++ b/browser/base/content/test/about/browser_aboutCertError_noSubjectAltName.js @@ -0,0 +1,51 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const UNKNOWN_ISSUER = "https://no-subject-alt-name.example.com:443"; + +const checkAdvancedAndGetTechnicalInfoText = async () => { + let doc = content.document; + + let advancedButton = doc.getElementById("advancedButton"); + ok(advancedButton, "advancedButton found"); + is(advancedButton.hasAttribute("disabled"), false, "advancedButton should be clickable"); + advancedButton.click(); + + let badCertAdvancedPanel = doc.getElementById("badCertAdvancedPanel"); + ok(badCertAdvancedPanel, "badCertAdvancedPanel found"); + + let badCertTechnicalInfo = doc.getElementById("badCertTechnicalInfo"); + ok(badCertTechnicalInfo, "badCertTechnicalInfo found"); + + let errorCode = doc.getElementById("errorCode").innerHTML; + is(errorCode, "SSL_ERROR_BAD_CERT_DOMAIN"); + + let viewCertificate = doc.getElementById("viewCertificate"); + ok(viewCertificate, "viewCertificate found"); + + return badCertTechnicalInfo.innerHTML; +}; + +const checkCorrectMessages = (message) => { + let isCorrectMessage = + message.includes("Websites prove their identity via certificates." + + " Nightly does not trust this site because it uses a certificate that is" + + " not valid for no-subject-alt-name.example.com"); + is(isCorrectMessage, true, "That message should appear"); + let isWrongMessage = + message.includes("The certificate is only valid for "); + is(isWrongMessage, false, "That message shouldn't appear"); +}; + +add_task(async function checkUntrustedCertError() { + info(`Loading ${UNKNOWN_ISSUER} which does not have a subject specified in the certificate`); + let tab = await openErrorPage(UNKNOWN_ISSUER); + let browser = tab.linkedBrowser; + info("Clicking the exceptionDialogButton in advanced panel"); + let badCertTechnicalInfoText = + await ContentTask.spawn(browser, null, checkAdvancedAndGetTechnicalInfoText); + checkCorrectMessages(badCertTechnicalInfoText, browser); + BrowserTestUtils.removeTab(gBrowser.selectedTab); +}); diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db index 46f4626143ab..fe1d307533a9 100644 Binary files a/build/pgo/certs/cert9.db and b/build/pgo/certs/cert9.db differ diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db index 6f96def91f92..c40fb77c5bfb 100644 Binary files a/build/pgo/certs/key4.db and b/build/pgo/certs/key4.db differ diff --git a/build/pgo/certs/noSubjectAltName.certspec b/build/pgo/certs/noSubjectAltName.certspec new file mode 100644 index 000000000000..dcbda9ee6efe --- /dev/null +++ b/build/pgo/certs/noSubjectAltName.certspec @@ -0,0 +1,2 @@ +issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization +subject:certificate without subjectAlternativeNames diff --git a/build/pgo/server-locations.txt b/build/pgo/server-locations.txt index c60eb28d540f..c77380e6691d 100644 --- a/build/pgo/server-locations.txt +++ b/build/pgo/server-locations.txt @@ -119,6 +119,7 @@ https://mismatch.expired.example.com:443 privileged,cert=expired https://mismatch.untrusted.example.com:443 privileged,cert=untrusted https://untrusted-expired.example.com:443 privileged,cert=untrustedandexpired https://mismatch.untrusted-expired.example.com:443 privileged,cert=untrustedandexpired +https://no-subject-alt-name.example.com:443 cert=noSubjectAltName # Prevent safebrowsing tests from hitting the network for its-a-trap.html and # its-an-attack.html.