Closed Bug 406034 Opened 17 years ago Closed 17 years ago

Don't report EV for sites with SSL server exceptions

Tracking

()

Status:

RESOLVED DUPLICATE of bug 406999

People

(Reporter: KaiE, Assigned: KaiE)

Details

Kai Engert (:KaiE:)

Assignee

Description

•

17 years ago

Scenario:
- SSL server with untrusted cert 
- exception for server cert is stored

As EV information is supposed to be compiled in, it seems very unlikely that a user will ever get EV UI for such a site. (Although there are edge cases like: remove trust from a builtin root, then add an exception for a server cert)


This bug proposes: Never show EV UI for certs with exceptions.

We should completely avoid running EV verification tests when such a cert is encountered.

Daniel Veditz [:dveditz]

Updated

•

17 years ago

Flags: blocking1.9?

Bob Lord

Comment 1

•

17 years ago

Would this change affect our QE efforts in any way?

Kai Engert (:KaiE:)

Assignee

Comment 2

•

17 years ago

This bug will be addressed as part of bug 406999

Status: NEW → RESOLVED

Closed: 17 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Don't report EV for sites with SSL server exceptions

Categories

(Core :: Security: PSM, defect)

Tracking

()

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2