Bug#559917: epiphany-browser: no longer warns about invalid SSL certificates
Mark Kamichoff
prox at prolixium.com
Mon Dec 7 19:55:16 UTC 2009
Package: epiphany-browser
Version: 2.29.3-1
Severity: normal
It appears that epiphany-browser 2.29.3-1 does not generate /any/
warnings or errors when browsing to SSL sites that send invalid server
certificates. I've tested several types of invalid certificates with
different websites, and Epiphany loads the sites every time without any
dialog or warning message. We're talking things like the following:
* self-signed certificates
* expired certificates
* CN mismatches
This is a serious security problem, as no SSL sites can be authenticated
using Epiphany anymore.
I've poked around at the GConf keys in /apps/epiphany, but I didn't see
anything SSL-related that was obviously disabled. Since WebKit doesn't
have an about:config, I'm not sure where to look for the usual SSL
options.
Let me know if I can provide additional information that might help
narrow this down.
- Mark
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages epiphany-browser depends on:
ii dbus-x11 1.2.16-2 simple interprocess messaging syst
ii epiphany-browser-data 2.29.3-1 Data files for the GNOME web brows
ii gnome-icon-theme 2.28.0-1 GNOME Desktop icon theme
ii iso-codes 3.11.1-1 ISO language, territory, currency,
ii libavahi-client3 0.6.25-2 Avahi client library
ii libavahi-common3 0.6.25-2 Avahi common library
ii libavahi-gobject0 0.6.25-2 Avahi GObject library
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libdbus-1-3 1.2.16-2 simple interprocess messaging syst
ii libdbus-glib-1-2 0.82-2 simple interprocess messaging syst
ii libgconf2-4 2.28.0-1 GNOME configuration database syste
ii libgirepository1.0-0 0.6.5-4 Library for handling GObject intro
ii libglib2.0-0 2.22.3-1 The GLib library of C routines
ii libgnome-keyring0 2.28.1-2 GNOME keyring services library
ii libgtk2.0-0 2.18.3-1 The GTK+ graphical user interface
ii libice6 2:1.0.6-1 X11 Inter-Client Exchange library
ii libnotify1 [libnotify1-gtk2 0.4.5-1 sends desktop notifications to a n
ii libnspr4-0d 4.8.2-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.4-1 Network Security Service libraries
ii libpango1.0-0 1.26.1-1 Layout and rendering of internatio
ii libseed0 2.28.0-2 GObject JavaScript bindings for th
ii libsm6 2:1.1.1-1 X11 Session Management library
ii libsoup-gnome2.4-1 2.28.1-3 an HTTP library implementation in
ii libsoup2.4-1 2.28.1-3 an HTTP library implementation in
ii libwebkit-1.0-2 1.1.16-3 Web content engine library for Gtk
ii libx11-6 2:1.2.2-1 X11 client-side library
ii libxml2 2.7.6.dfsg-1 GNOME XML library
ii libxslt1.1 1.1.26-1 XSLT processing library - runtime
Versions of packages epiphany-browser recommends:
pn yelp <none> (no description available)
Versions of packages epiphany-browser suggests:
pn mozplugger <none> (no description available)
-- no debconf information