Closed Bug 93427 Opened 23 years ago Closed 23 years ago

Wrong infos about SSL Certificates

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 93103

People

(Reporter: bugzilla, Assigned: ssaux)

References

(
URL
)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801
BuildID:    20001080104

Security Information (Page INFO) displays not the right Infos about SSL
Certificates.



Reproducible: Always
Steps to Reproduce:
1.
 Check the security PAGE INFO  of a https://[site]       

                                                  
You will see
----
Web Site Identify
...
The identity of the web site has been verified by (Unknown Issuer), a
certificate authority you trust for this purpose.
----
But the Site is signed by Verisign        
  
2. shutdown mozilla
3.move ~/.mozilla  to [someothername]
4.restart mozilla
5. remove all verisign certificates.(Manag Certificates)
6. restart mozilla
7.revisit the page
8.view the certificate 
(You will see it's form verisign) 
9. Then continue loading the site
10. go on PAGE INFO         
you will still see it's for verisign.
----             
Web Site Identify
...
The identity of the web site has been verified by VeriSign [..], a
certificate authority you trust for this purpose.
---


Actual Results:  See Steps to Reproduce

Expected Results:  i had removed Verisign so i don't understand why i trust
Verisign. Even    
when i go on sites with self made certificates i get the same Information. 
But i never load the CA cert into mozilla.

And why is verisign first an Unknow Issuer and then a Know Issuer?
Just saw this go by earlier this week, but I don't remember the bug #, so I'll
leave it to the PSM team to dup.
  ->PSM.
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
Summary: Wrong infos about SSL Certificates → Wrong infos about SSL Certificates
Version: other → 2.0

*** This bug has been marked as a duplicate of 93103 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Marking VERIFIED DUPLICATE.
Status: RESOLVED → VERIFIED
Maybe this is too late now that the duplicate is verified.

If Markus actually removed the root certificate in the second part of his test,
he should have got a warning rather than a successful validation.

In that case, and if I understand Stephane Saux' explanation for bug 93833's
duplication right, then while the first part is the loss of a successfully
validated chain (bug 93103), this second part is another, new bug, namely a
missing alert to a broken chain.
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.