Closed mb closed 1 month ago
@mb The PKIjs module does not implement logic for converting IP address values from OCTET STRING
to text representation. I reviewed the script at certDecoder.mjs:150
in Firefox and noticed that this script converts the hexadecimal representation of the address incorrectly.
Here is the current implementation in Firefox:
address
.toLowerCase()
.match(/.{1,4}/g)
.join(":")
.replace(/\b:?(?:0+:?){2,}/, "::");
If the address
is 262000FE000000000000000000000009
, the result will be 2620::fe:0000:0000:0000:0000:0000:0009
.
Here is a potential solution for this issue:
address
.toLowerCase()
.match(/.{1,4}/g)
.map(segment => parseInt(segment, 16).toString(16))
.join(":")
.replace(/(^|:)0(:0)+(:|$)/, '::')
.replace(/(^|:)0+([1-9a-f])/, '$1$2');
With this solution, the result will be 2620:fe::9
, but this implementation needs to be tested with other values to ensure it works correctly in all cases.
Thanks a lot, that is really helpful! I'm sorry for the trouble :see_no_evil:. So it is a problem in Firefox after all. I tried to find the source of the value, but couldn't and was relying on comment 2 for the report. Lets close this bug here.
@mb, the Firefox certificate viewer was implemented before we had the https://github.com/peculiarventures/PVCertViewer/ project, which encapsulates all the necessary display magic to do this well. For what it is worth I just checked and we do show the values correctly.
Originally filed as Bug 1881524 - Incorrect IPv6 address presentation in certificate view
So likely either of those two are expected:
Moving the bug report from bugzilla to hopefully the correct issue tracker.