Closed
Bug 93427
Opened 23 years ago
Closed 23 years ago
Wrong infos about SSL Certificates
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
People
(Reporter: bugzilla, Assigned: ssaux)
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801
BuildID: 20001080104

Security Information (Page INFO) does not display the right info about SSL Certificates.

Reproducible: Always

Steps to Reproduce:
1. Check the security PAGE INFO of a https://[site]
   You will see
   ----
   Web Site Identify ... The identity of the web site has been verified by (Unknown Issuer), a certificate authority you trust for this purpose.
   ----
   But the site is signed by Verisign.
2. Shut down Mozilla.
3. Move ~/.mozilla to [someothername].
4. Restart Mozilla.
5. Remove all Verisign certificates (Manage Certificates).
6. Restart Mozilla.
7. Revisit the page.
8. View the certificate (you will see it's from Verisign).
9. Then continue loading the site.
10. Go to PAGE INFO; you will still see it's for Verisign.
   ----
   Web Site Identify ... The identity of the web site has been verified by VeriSign [..], a certificate authority you trust for this purpose.
   ----

Actual Results: See Steps to Reproduce

Expected Results: I had removed Verisign, so I don't understand why I trust Verisign. Even when I go to sites with self-made certificates I get the same information. But I never loaded the CA cert into Mozilla. And why is Verisign first an Unknown Issuer and then a Known Issuer?
Comment 1•23 years ago
Just saw this go by earlier this week, but I don't remember the bug #, so I'll leave it to the PSM team to dup. ->PSM.
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
Summary: Wrong infos about SSL Certificates → Wrong infos about SSL Certificates
Version: other → 2.0
Assignee
Comment 2•23 years ago
*** This bug has been marked as a duplicate of 93103 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Comment 4•23 years ago
Maybe this is too late now that the duplicate is verified. If Markus actually removed the root certificate in the second part of his test, he should have got a warning rather than a successful validation. In that case, and if I understand Stephane Saux' explanation for bug 93833's duplication right, then while the first part is the loss of a successfully validated chain (bug 93103), this second part is another, new bug, namely a missing alert to a broken chain.
Updated•8 years ago
Product: Core → Core Graveyard