Bug#603594: epiphany-browser: doesn't perform any ssl certificate checking (in the squeeze version)

Josselin Mouette joss at debian.org
Mon Nov 15 19:47:20 UTC 2010


On Tuesday 16 November 2010 at 04:19 +1100, david b wrote:
> epiphany-browser as found in squeeze does not check remote ssl certificate validity for https connections.
> Here is a test url: (WHICH SHOULD FAIL) 
> 
> https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/
> 
> But it won't! (in squeeze).

The site displays, but the certificate appears broken, and the visual
aids for valid SSL connections (lock icon, yellow address bar) are
disabled. The icon in the lower left corner shows a broken lock.

With an invalid SSL certificate, you have exactly the same level of
security as with plain HTTP - even a bit more, since you are immune to
some passive attacks. There is absolutely no reason to behave
differently.

Hence the epiphany behavior is correct.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'  “If you behave this way because you are blackmailed by someone,
  `-    […] I will see what I can do for you.”  -- Jörg Schilling