Issue 751374

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Regression




webmail.es.gov.br and other Brazilian government sites are broken in Chrome 60

Project Member Reported by eroman@chromium.org, Aug 2 2017

Issue description

The public suffix list added es.gov.br and other similar domains to the ICANN Domains:

https://github.com/publicsuffix/list/commit/fdfbb709c13f37a583d57832b61909740d2c8c05

This change was then imported into Chrome in 50f8775aacb3c66f540f692811201a6c77784e34, and then merged to M60 in 6754f383898a6668a68cee6facdb99e38dfe37a6.

The consequence of the upstream change to the public suffix list is that existing certificates which used wildcards such as *.es.gov.br are now broken, as wildcards on public suffixes are not permitted. Chrome will fail with ERR_CERT_COMMON_NAME_INVALID.

For instance:

https://webmail.es.gov.br/

The change to the PSL seems incongruent with the existing certificates.
 
Status: WontFix (was: Untriaged)
We've contacted the registrant and determined that es.gov.br (and several other government suffixes under gov.br) were added to the PSL intentionally and for the purpose of representing delegations for municipal domains. They are aware of this issue and are working to replace all certificates with wildcards on labels directly preceding the suffixes.

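The failure described in this issue, as an added example (not part of the original report and not Chrome's code): a simplified certificate name matcher that refuses a wildcard whose base is a public suffix, plus an audit helper for finding certificate names that need reissuing. The two PSL snapshots, the function names and the name `*.example.es.gov.br` are constructed for illustration, and PSL wildcard and exception rules are not modelled.

```python
# Added example: simplified model of the wildcard-on-public-suffix rule.
# PSL snapshots are constructed; real PSL wildcard/exception rules are omitted.
PSL_BEFORE = frozenset({"br", "gov.br"})
PSL_AFTER = PSL_BEFORE | {"es.gov.br"}


def _labels(name):
    return name.lower().rstrip(".").split(".")


def wildcard_base_is_public_suffix(pattern, psl):
    """True if pattern is '*.<base>' and <base> is itself a PSL entry."""
    labels = _labels(pattern)
    return labels[0] == "*" and ".".join(labels[1:]) in psl


def cert_name_matches(pattern, host, psl):
    """Match one certificate DNS name against a host name."""
    p, h = _labels(pattern), _labels(host)
    if "*" not in pattern:
        return p == h                      # exact names are unaffected by the PSL
    # The wildcard must be the entire left-most label and have a base domain.
    if len(p) < 2 or p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    if wildcard_base_is_public_suffix(pattern, psl):
        return False                       # the failure mode reported in this issue
    # A wildcard covers exactly one non-empty label.
    return len(p) == len(h) and h[0] != "" and p[1:] == h[1:]


def audit(cert_names, psl):
    """Return the certificate names that need reissuing under the given PSL."""
    return [n for n in cert_names if wildcard_base_is_public_suffix(n, psl)]


if __name__ == "__main__":
    names = ["*.es.gov.br", "*.example.es.gov.br", "webmail.es.gov.br"]
    for label, psl in (("before", PSL_BEFORE), ("after", PSL_AFTER)):
        print(label, "PSL update, names to reissue:", audit(names, psl))
```

Running `audit` over the subject alternative names of deployed certificates against a candidate PSL update shows which ones will stop validating before the update ships.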