Bug#756101: iceweasel: Cannot add exception for "sec_error_unknown_issuer"
Mike Hommey
mh at glandium.org
Sat Jul 26 09:16:24 UTC 2014
On Sat, Jul 26, 2014 at 06:10:31PM +0900, Mike Hommey wrote:
> On Sat, Jul 26, 2014 at 10:39:57AM +0200, Frank Lanitz wrote:
> > Package: iceweasel
> > Version: 31.0-1
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > With latest updates I'm not able anymore to add an exception for HTTPS if
> > iceweasel is not knowing the issuer of an certificate.This is very disturbing
> > as e.g. Debian has also removed CAcert from list of certs so even I have the
> > fingerprint of the cert of a server, I cannot add them as "ok" without doing
> > some workaround via about:config.
> >
> > I'm only getting
> > <domain> uses an invalid security certificate.
> > The certificate is not trusted because the issuer certificate is unknown.
> > (Error code: sec_error_unknown_issuer)
> >
> > without any further option than 'Get me out of here!'
>
> If the site in question is using HSTS, this is expected, as it's exactly
> how it's supposed to work. For instance, if I go to
> https://www.cacert.org/, I go get a sec_error_unknown_issuer, but I get
> a "Get me out of here!" button.
Err, I mean, a Add Exception button (and below too).
>
> On the other hand, see
> https://bugzilla.mozilla.org/show_bug.cgi?id=1014387: a couple months ago,
> I was getting a sec_error_unknown_issuer without a "Get me out of here!"
> on https://panopticlick.eff.org/ because the server wasn't sending an
> intermediate certificate and eff.org is HSTS.
> (it's fixed now)
>
> I'm pretty sure you're hitting something similar.
>
> Mike
More information about the pkg-mozilla-maintainers
mailing list