Re: [Bug-gnuzilla] Forced to have valid cert

bug-gnuzilla

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] Forced to have valid cert

From:	ng0
Subject:	Re: [Bug-gnuzilla] Forced to have valid cert
Date:	Wed, 2 Aug 2017 19:32:01 +0000

David Hedlund transcribed 4.3K bytes:
> That error occur in Firefox first of all. You should file the bug to
> bugzilla.mozilla.org.

This has nothing to do with Firefox. Well it does, but it is known.
StartCom has been kicked out of the trust store.

https://www.ssllabs.com/ssltest/analyze.html?d=y.st
https://freepo.st/post/jgcacuv4l4#comment-rbr0jagu5y
https://wiki.mozilla.org/CA:WoSign_Issues

WoSign is the CA which runs also StartCom, the one which y.st uses.
So the majority of browsers will not display this site via the globally
trust revoked CA.

> 
> On 2017-08-02 19:59, Caleb Herbert wrote:
> > When I visit https://y.st/ I get the following message from IceCat:
> > 
> >          An error occurred during a connection to y.st. Peer’s
> >          Certificate has been revoked. Error code:
> >          SEC_ERROR_REVOKED_CERTIFICATE
> > IceCat offers no option to accept the certificate anyway.  All it
> > presents me is a "Try Again" button.  I'm helpless.
> > 
> > I know all certificates should verify, but browser authors and
> > webmasters are dumb.  Honestly, I think the certificate system is doomed
> > to be broken forever, and everyone will have to use "wget
> > --no-check-certificate" all the time.
> > 
> > I would switch to another browser to view this site, but:
> > 
> >        * Midori crashes all the time
> >        * GNOME Web is slow and takes up too much screen space (bulky,
> >          "modern" widgets)
> >        * Chromium is probably nonfree
> >        * QupZilla is probably nonfree, because it contains Qt5 Web
> >          Engine, which is a component of Chromium, which is probably
> >          nonfree
> >        * Lynx, Links, wget, w3m and eww shouldn't be the only options to
> >          view a webpage
> >        * Links2 and Netsurf are the ugliest things on the planet
> >        * Surf (suckless.org) and Uzbl are too minimalistic, and only a
> >          step up from Links2, and won't even render Riot correctly
> >        * IceWeasel produces the same result
> >        * Abrowser produces the same result
> > 
> > 
> > --
> > http://gnuzilla.gnu.org
> 

> --
> http://gnuzilla.gnu.org


-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-gnuzilla] Forced to have valid cert, Caleb Herbert, 2017/08/02
- Re: [Bug-gnuzilla] Forced to have valid cert, David Hedlund, 2017/08/02
  - Re: [Bug-gnuzilla] Forced to have valid cert, ng0 <=

Prev by Date: Re: [Bug-gnuzilla] Forced to have valid cert
Next by Date: Re: [Bug-gnuzilla] interest expressed at Debian #637348. Send your reasons too!
Previous by thread: Re: [Bug-gnuzilla] Forced to have valid cert
Next by thread: Re: [Bug-gnuzilla] interest expressed at Debian #637348. Send your reasons too!
Index(es):
- Date
- Thread