Bug#500785: iceweasel: SSL exceptions are forgotten
Mike Hommey
mh at glandium.org
Tue Dec 22 19:52:08 UTC 2009
Hi,
Sorry for the late answer.
On Wed, Oct 01, 2008 at 02:33:01PM +0200, Vladislav Kurz wrote:
> Package: iceweasel
> Version: 3.0.1-1
> Severity: normal
>
> Hello,
>
> it seems that the storage for SSL certificate exceptions is limited, and
> used as circular buffer. I visit a lot of sites with self-signed
> certificates, and from time to time I have to confirm all exceptions
> again as if I visit the site for the first time.
>
> This is not only annoying but dangerous. What if the site certificate changes
> and Iceweasel just forgets the old certificate. No warning etc. In
> firefox2 - exceptions were really stored permanently and I got warnings
> when the certificate expired or changed. But adding the same certificate
> over and over again will just train the user to add the exception as
> quickly as possible without really checking the content of the
> certificate.
>
> It seems that firefox bugzilla report 436122 might be related to this.
Do you have an idea on how many exceptions need to be added before it
starts dropping some of them ? Would you mind following the contents of
$HOME/.mozilla/firefox/*/cert_override.txt file, which contains these
overrides ?
Thanks
Mike
More information about the pkg-mozilla-maintainers
mailing list