GNU bug report logs -
#32833
IceCat 60 certificate validation fails when using system NSS
Previous Next
Reported by: Mike Gerwitz <mtg <at> gnu.org>
Date: Tue, 25 Sep 2018 04:30:02 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
I don't know if this is a problem specific to Guix or upstream; I can
give IceCat a try in a Debian VM tomorrow. But I want to make others
aware of the problem in the meantime:
Even if sites are using HTTPS, IceCat is still saying "This connection
is insecure" if you click on the "i" icon in the URL bar. This seems to
be a problem with every HTTPS site I visit.
On the "Security" tab of the "Page Info" dialog, under "Technical
Details", no certificate information is listed; it simply says
"Connection Not Encrypted". That's clearly not true, otherwise the page
would fail to load. I've tried with sites that use HSTS and don't even
support plaintext connections (e.g. my own)---the pages load just fine.
I haven't played around with sites with expired certificates or anything
yet. But if IceCat is not reporting security status correctly, then
users may be at risk, so be careful in the meantime!
--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 263 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.