Closed
Bug 181556
Opened 22 years ago
Closed 19 years ago
Connecting to a site whose SSL cert is revoked
Categories
(Core Graveyard :: Security: UI, defect, P2)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: webmaster, Unassigned)
References
()
Details
(Whiteboard: testcase needed)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20021016 On clicking OK to continue (in this case it was an Linux server admin page) does nothing (won't connect) have to cancel and use MSIE etc. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•22 years ago
|
||
example URL ? -> PSM
Assignee: asa → ssaux
Component: Browser-General → Client Library
Product: Browser → PSM
QA Contact: asa → junruh
Version: Trunk → unspecified
Updated•22 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Priority: -- → P2
Hardware: PC → All
Whiteboard: testcase needed
Version: unspecified → 2.4
Comment 3•21 years ago
|
||
The https server residential.qwest.com appears to me to be using a revoked cert. When OCSP is enabled, or when you have imported Verisign's CRL from the URL http://crl.verisign.com/RSASecureServer.crl and you then visit https://residential.qwest.com/flibberty.gibbet you get a dialog that says "Could not establish an encrypted connection because certificate presented by residential.qwest.com has been revoked." The dialog has only one button, which says "OK". Clicking it does not override the cert revocation, but rather cancels the attempt to fetch the URL. However, when no CRL for verisign is loaded, and OCSP is disabled, the url cited above returns a page-not-found error. The SSL connection is unhindered in that case. I think the submittor of this bug is complaining that he cannot override the cert revocation and visit the web site anyway. If that is indeed the complaint, then this bug should be resolved invalid, because mozilla can be configured to disable configuration checking, although we do not recommend this for the average user. Submittor, is that the essence of your complaint?
Updated•19 years ago
|
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•