Midori & revoked certificates

Kevin Fenzi kevin at scrye.com
Mon Apr 14 15:31:04 UTC 2014


On Mon, 14 Apr 2014 08:50:33 +0200
Suvayu Ali <fatkasuvayu+linux at gmail.com> wrote:

> Hi,
> 
> I was reading about Heartbleed and the results of the Cloudflare
> challenge.  The following post says that particular server is using a
> revoked certificate and my browser should not show the page if
> certificate revocation is working properly.
> 
>   <https://www.cloudflarechallenge.com/heartbleed>
> 
> Firefox with OCSP enabled shows me this message:
> 
>   Peer's Certificate has been revoked.
>   (Error code: sec_error_revoked_certificate)
> 
> Midori however happily displays the page.  A quick look tells me there
> is no way to enable something like OCSP.

Midori can use gcr, which might be able to do something here. Not sure. 

The only gcr available however is gtk3, so we can't use it in a gtk2
midori. Once we move to webkit2 and gtk3 we can enable that...

I can look and see if gcr can actually do this... 

> Can this be taken up with upstream?  More importantly, I would like to
> propose to drop midori from the spin until this is dealt with upstream
> (even if it means larger XFCE images); after all we do not want a less
> secure Fedora user.
> 
> Any thoughts on this?

I personally think that's way too drastic. Many other browsers out there
don't handle revoked certs either.

Do you want to file an upstream bug on it? Or shall I?

We should at least see where we are at...

kevin

