Closed
Bug 506824
Opened 16 years ago
Closed 16 years ago
CA for certified sites should be green
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: tchung, Unassigned)
References
()
Details
(Whiteboard: [nv])
For certified sites, the favicon should be green on Tegra devices. Instead its Blue.
- https://www.paypal.com
- https://www.jal.com
- https://www.britishairways.com/travel/globalgateway.jsp/global/public/en_
STR:
1) load Tegra device, Firefox build: Mozilla/5.0 (Windows; U; WindowsCE 6.0;
en-US; rv:1.9.2a1pre) Gecko/20090727 Firefox/3.6a1pre
2) Visit any certified safe site (see urls above)
3) After page loads, verify the favicon is blue.
Expected Results;
- Certified sites Should be green
Reporter | ||
Updated•16 years ago
|
Whiteboard: [nv]
Comment 1•16 years ago
|
||
It's green for me... Gecko/20090727 Minefield/3.6a1pre
Comment 2•16 years ago
|
||
Also WFM.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 3•16 years ago
|
||
I got this to repro just now, on a new device, fresh out of the box, with the Gecko/20090727 Minefield/3.6a1pre build installed. Zpao saw it with his own eyes so i'm not going color blind.
STR:
1) open firefox
2) load bugzilla.mozilla.org. Favicon goes blue
3) Open new tab, goto www.paypal.com
4) favicon says "paypal.com" and is blue
- when viewing the certificate > Issuer, it displays:
CN = VeriSign Class 3 Extended Validation SSL CA
OU = Terms of use at https://www.verisign.com/rpa (c)06
OU = VeriSign Trust Network
O = "VeriSign, Inc."
C = US
Expected:
- Paypal site should be green and display as "Paypal, Inc (US)"
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 4•16 years ago
|
||
Is this reliably reproducible for you? Does just opening the browser and going directly there (or other variations on the STR) also fail?
Comment 5•16 years ago
|
||
Watch the OCSP and/or CRL verification.
Is the clock set correctly?
Comment 7•16 years ago
|
||
(In reply to comment #6)
> Is the clock set correctly?
I don't think it was. Tony said it was a fresh OS install and I noticed the time wasn't right - entirely likely that the date was incorrect as well.
Comment 8•16 years ago
|
||
Wrong time should have resulted in an error as the certificate wouldn't have been valid at all. It appears that this has not been the case, but the blue indicator appeared instead of the green one. I suspect there was a problem checking the revocation status of the certificate for whatever reason. It could be a bug, but also a network problem.
Reporter | ||
Comment 9•16 years ago
|
||
(In reply to comment #8)
> Wrong time should have resulted in an error as the certificate wouldn't have
> been valid at all. It appears that this has not been the case, but the blue
> indicator appeared instead of the green one. I suspect there was a problem
> checking the revocation status of the certificate for whatever reason. It could
> be a bug, but also a network problem.
Good question. It was out of box, so this is something i will look at and adjust if it wasnt set right.
Reporter | ||
Comment 10•16 years ago
|
||
Okay this was indeed the system clock. The system was set to 5/1/2009 and showing blue Site identifier. Setting the clock to today's date (7/30/2009), and refreshing the site, came up Green. Setting it back to 5/2009, understandingly became blue again.
Marking bug invalid. Thanks to aaronmt for the investigation.
Status: REOPENED → RESOLVED
Closed: 16 years ago → 16 years ago
Resolution: --- → INVALID
Comment 11•16 years ago
|
||
(In reply to comment #10)
> Okay this was indeed the system clock. The system was set to 5/1/2009 and
> showing blue Site identifier. Setting the clock to today's date (7/30/2009),
> and refreshing the site, came up Green. Setting it back to 5/2009,
> understandingly became blue again.
>
> Marking bug invalid. Thanks to aaronmt for the investigation.
FWIW, I didn't reload the site but rather a complete shutdown.
Comment 12•16 years ago
|
||
(In reply to comment #8)
> Wrong time should have resulted in an error as the certificate wouldn't have
> been valid at all. It appears that this has not been the case, but the blue
> indicator appeared instead of the green one. I suspect there was a problem
> checking the revocation status of the certificate for whatever reason. It could
> be a bug, but also a network problem.
If the time was off by more than the validity window of an OCSP response, but less than the validity window of the cert itself (e.g. last month), you'd see this behaviour. The cert would pass basic checks, but would not be considered to have a "valid" OCSP response, and hence get only DV-blue, not EV-green treatment.
(I know the bug is resolved, this is just here in case people have lingering questions about why this happened, or see it again in the future)
Reporter | ||
Comment 13•16 years ago
|
||
(In reply to comment #12)
> (I know the bug is resolved, this is just here in case people have lingering
> questions about why this happened, or see it again in the future)
Yep, i've been working with ashughes and it has helped us tremendously to see your explanation on how this all works. We'll be devising some litmus test cases on testing scenarios on the corrected behavior for OCSP responses. Thanks for clarifying!
You need to log in
before you can comment on or make changes to this bug.
Description
•