Edge and Firefox handle CRL and AIA information in digital certificates differently

[NanoUnequalBot]

user agent(Edge):Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.69 Operating System: Windows 10 22H2 19045.2604

Overview: We tested with a mutated digital certificate as a test case. We found that Firefox can parse and display the CRL and Authority Information Access (AIA) information of the certificate, but Edge cannot parse them.

Steps to Reproduce: (1) In Firefox, visit the url about:certificate?cert=(processed pem data) containing the certificate information. (2) Use Python to create a local server (e.g. using Flask) and specify a mutated certificate and private key. Access the Flask provided url in Edge.

Actual Result: Edge cannot parse and display the CRL and AIA information of the certificate. Firefox can parse and display them.

Expected Result: Edge should be able to parse and display the CRL and AIA information of the certificate like Firefox, and the information should be consistent. cert_file.zip

[captainbrosset]

Thanks for reaching out and providing this much information.

Unfortunately, this repository is specific to DevTools. DevTools is a developer feature in Edge which has nothing to do with how Edge processes certificates. The best course of action for your feedback would be to use the Feedback Dialog in Edge:

So, can you please send your feedback again by using the browser's feedback mechanism? Here's how:

1. Click Settings and more (the ... button in the top-right corner of the browser).
2. Click Help and feedback.
3. Click Send feedback.

Thank you for your understanding.