Midori & revoked certificates
Suvayu Ali
fatkasuvayu+linux at gmail.com
Mon Apr 14 06:50:33 UTC 2014
Hi,
I was reading about Heartbleed and the results of the cloudflare
challenge. The following post says, that particular server is using a
revoked certificate and my browser should not show the page if
certificate revocation is working properly.
<https://www.cloudflarechallenge.com/heartbleed>
Firefox with OCSP enabled shows me this message:
Peer's Certificate has been revoked.
(Error code: sec_error_revoked_certificate)
Midori however happily displays the page. A quick look tells me there
is no way to enable something like OCSP.
Can this be taken up with upstream? More importantly, I would like to
propose to drop midori from the spin until this is dealt with upstream
(even if it means larger XFCE images); after all we do not want a less
secure Fedora user.
Any thoughts on this?
Cheers,
--
Suvayu
Open source is the future. It sets us free.
More information about the xfce
mailing list