[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnuzilla] Forced to have valid cert
From: |
ng0 |
Subject: |
Re: [Bug-gnuzilla] Forced to have valid cert |
Date: |
Wed, 2 Aug 2017 19:32:01 +0000 |
David Hedlund transcribed 4.3K bytes:
> That error occur in Firefox first of all. You should file the bug to
> bugzilla.mozilla.org.
This has nothing to do with Firefox. Well it does, but it is known.
StartCom has been kicked out of the trust store.
https://www.ssllabs.com/ssltest/analyze.html?d=y.st
https://freepo.st/post/jgcacuv4l4#comment-rbr0jagu5y
https://wiki.mozilla.org/CA:WoSign_Issues
WoSign is the CA which runs also StartCom, the one which y.st uses.
So the majority of browsers will not display this site via the globally
trust revoked CA.
>
> On 2017-08-02 19:59, Caleb Herbert wrote:
> > When I visit https://y.st/ I get the following message from IceCat:
> >
> > An error occurred during a connection to y.st. Peer’s
> > Certificate has been revoked. Error code:
> > SEC_ERROR_REVOKED_CERTIFICATE
> > IceCat offers no option to accept the certificate anyway. All it
> > presents me is a "Try Again" button. I'm helpless.
> >
> > I know all certificates should verify, but browser authors and
> > webmasters are dumb. Honestly, I think the certificate system is doomed
> > to be broken forever, and everyone will have to use "wget
> > --no-check-certificate" all the time.
> >
> > I would switch to another browser to view this site, but:
> >
> > * Midori crashes all the time
> > * GNOME Web is slow and takes up too much screen space (bulky,
> > "modern" widgets)
> > * Chromium is probably nonfree
> > * QupZilla is probably nonfree, because it contains Qt5 Web
> > Engine, which is a component of Chromium, which is probably
> > nonfree
> > * Lynx, Links, wget, w3m and eww shouldn't be the only options to
> > view a webpage
> > * Links2 and Netsurf are the ugliest things on the planet
> > * Surf (suckless.org) and Uzbl are too minimalistic, and only a
> > step up from Links2, and won't even render Riot correctly
> > * IceWeasel produces the same result
> > * Abrowser produces the same result
> >
> >
> > --
> > http://gnuzilla.gnu.org
>
> --
> http://gnuzilla.gnu.org
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
signature.asc
Description: PGP signature