[pkg-lynx-maint] Bug#745835: Bug#745835: lynx-cur: certificate revocation is not checked
Vincent Lefevre
vincent at vinc17.net
Mon Apr 27 14:57:14 UTC 2015
Hi,
On 2015-04-27 14:49:15 +0200, Axel Beckert wrote:
> Vincent Lefevre wrote:
> > This problem still occurs. For a new testcase URL:
> >
> > lynx https://www.vinc17.net:4434/
> >
> > does not give an error, contrary to Firefox.
>
> JFTR: Works "fine" (i.e. without revocation warning) in Chromium
> (42.0.2311.90-2), too. But I don't see such a bug report at
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=chromium-browser
Chromium is just crap and its maintainers do not care. See my bug
report here (which is a part of the problem):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745646
The bug was closed without being fixed.
> Can you please elaborate over which methods you expect lynx to check
> the revocation or over which methods it can be checked, i.e. CRL or
> OCSP?
CRL might be OK if Debian has a way to get a complete CRLset.
But I haven't seen one.
So, OCSP (possibly OCSP must-staple) should really be implemented.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the pkg-lynx-maint
mailing list