Bug#500785: iceweasel: SSL exceptions are forgotten
Vladislav Kurz
vladislav.kurz at webstep.net
Mon Jan 4 09:51:37 UTC 2010
On Tuesday 22 of December 2009, Mike Hommey wrote:
> Hi,
>
> Sorry for the late answer.
>
> On Wed, Oct 01, 2008 at 02:33:01PM +0200, Vladislav Kurz wrote:
> > Package: iceweasel
> > Version: 3.0.1-1
> > Severity: normal
> >
> > Hello,
> >
> > it seems that the storage for SSL certificate exceptions is limited, and
> > used as circular buffer. I visit a lot of sites with self-signed
> > certificates, and from time to time I have to confirm all exceptions
> > again as if I visit the site for the first time.
> >
> > This is not only annoying but dangerous. What if the site certificate
> > changes and Iceweasel just forgets the old certificate. No warning etc.
> > In firefox2 - exceptions were really stored permanently and I got
> > warnings when the certificate expired or changed. But adding the same
> > certificate over and over again will just train the user to add the
> > exception as quickly as possible without really checking the content of
> > the
> > certificate.
> >
> > It seems that firefox bugzilla report 436122 might be related to this.
>
> Do you have an idea on how many exceptions need to be added before it
> starts dropping some of them ? Would you mind following the contents of
> $HOME/.mozilla/firefox/*/cert_override.txt file, which contains these
> overrides ?
Hi,
now I have 28 overrides. However I almost forgot about this bug. In the
meantime I upgraded to icewaeasel 3.0.6-3 and this bug did not occur for
quite a long time. I'm not sure, but it might have been fixed by upgrade.
--
Regards
Vladislav Kurz
More information about the pkg-mozilla-maintainers
mailing list