Bug#721153: marked as done (iceweasel: unable to remove an ssl cert exception)

Wed, 04 Sep 2013 08:42:40 -0700 

Your message dated Wed, 04 Sep 2013 09:54:29 -0400
with message-id <[email protected]>
and subject line Re: Bug#721153: iceweasel: unable to remove an ssl cert 
exception
has caused the Debian Bug report #721153,
regarding iceweasel: unable to remove an ssl cert exception
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
721153: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721153
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: iceweasel
Version: 17.0.8esr-2
Severity: important

Dear Maintainer,

when storing a security exception permanently and removing it later, the
cert will disappear from the list but it still gets accepted.

To reproduce:

0. clean user, rm -r ~/.mozilla
1. Set up a https server which uses a self-signed certificate, lets call
   it 'srv'
2. Start iceweasel, watch https://srv
3. iceweasel shows warning "untrusted connection"
4. Click on "Understand the risk", "Add exception", "confirm exception"
5. Exception gets stored permanently, iceweasel shows the content of
   https://srv
6. Go to edit/preferences/advanced/encryption/view_certs
7. Search the cert of https://srv and "delete or distrust" it
8. Try to watch https://srv again.  Iceweasel should now 
   show the "untrusted connection" warning again, but it doesn't.  Try
   to refresh the page, clean the cache or restart the browser.  The
   warning won't reappear.
9. Go to edit/preferences/advanced/encryption/view_certs again and look
   for the cert of https://srv.  It isn't there.

This may be related to bug #627552, but it also happens if the site is
not loaded from cache.

BTW: The info below was inserted by reportbug, which wasn't invoked from
within the clean user environment.  The extensions BetterPrivacy and
WebDeveloper were not active.  However, I could also reproduce the
problem when these extensions are active.

-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: 
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled

Name: BetterPrivacy
Location: ${PROFILE_EXTENSIONS}/{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
Status: enabled

Name: Default theme
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: Deutsch (DE) Language Pack locale
Location: /usr/lib/iceweasel/extensions/[email protected]
Package: iceweasel-l10n-de
Status: enabled

Name: Web Developer
Location: ${PROFILE_EXTENSIONS}/{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
Status: enabled

-- Plugins information
Name: DivX® Web Player
Location: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Package: totem-mozilla
Status: enabled

Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: enabled

Name: QuickTime Plug-in 7.6.6
Location: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Package: totem-mozilla
Status: enabled

Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled

Name: Skype Buttons for Kopete
Location: /usr/lib/mozilla/plugins/skypebuttons.so
Package: kopete
Status: enabled

Name: VLC Multimedia Plugin (compatible Totem 3.0.1)
Location: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Package: totem-mozilla
Status: enabled

Name: Windows Media Player Plug-in 10 (compatible; Totem)
Location: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Package: totem-mozilla
Status: enabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled


-- Addons package information
ii  gnome-shell    3.4.2-12     amd64        graphical shell for the GNOME des
ii  iceweasel      17.0.8esr-2  amd64        Web browser based on Firefox
ii  iceweasel-l10n 1:17.0.8esr- all          German language package for Icewe
ii  kopete         4:4.8.4-3    amd64        instant messaging and chat applic
ii  rhythmbox-plug 2.99.1-3     amd64        plugins for rhythmbox music playe
ii  totem-mozilla  3.0.1-9      amd64        Totem Mozilla plugin
ii  xul-ext-adbloc 2.2.3-1      all          Advertisement blocking extension 

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (400, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils         4.4
ii  fontconfig          2.10.2-2
ii  libc6               2.17-92
ii  libgdk-pixbuf2.0-0  2.28.2-1
ii  libglib2.0-0        2.36.3-3
ii  libgtk2.0-0         2.24.20-1
ii  libnspr4            2:4.10-1
ii  libnspr4-0d         2:4.10-1
ii  libsqlite3-0        3.7.17-1
ii  libstdc++6          4.8.1-2
ii  procps              1:3.3.4-2
ii  xulrunner-17.0      17.0.8esr-2

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
ii  fonts-stix [otf-stix]  1.1.0-1
ii  libgssapi-krb5-2       1.10.1+dfsg-6.1
pn  mozplugger             <none>

Versions of packages xulrunner-17.0 depends on:
ii  libasound2                1.0.27.1-2
ii  libatk1.0-0               2.8.0-2
ii  libbz2-1.0                1.0.6-4
ii  libc6                     2.17-92
ii  libcairo2                 1.12.14-4
ii  libdbus-1-3               1.6.12-1
ii  libdbus-glib-1-2          0.100.2-1
ii  libevent-2.0-5            2.0.21-stable-1
ii  libfontconfig1            2.10.2-2
ii  libfreetype6              2.4.9-1.1
ii  libgcc1                   1:4.8.1-2
ii  libgdk-pixbuf2.0-0        2.28.2-1
ii  libglib2.0-0              2.36.3-3
ii  libgtk2.0-0               2.24.20-1
ii  libhunspell-1.3-0         1.3.2-4
ii  libjpeg8                  8d-1
ii  libmozjs17d               17.0.8esr-2
ii  libnspr4                  2:4.10-1
ii  libnss3                   2:3.15.1-1
ii  libnss3-1d                2:3.15.1-1
ii  libpango-1.0-0            1.32.5-5+b1
ii  libpangocairo-1.0-0       1.32.5-5+b1
ii  libpangoft2-1.0-0         1.32.5-5+b1
ii  libpixman-1-0             0.26.0-4
ii  libsqlite3-0              3.7.17-1
ii  libstartup-notification0  0.12-3
ii  libstdc++6                4.8.1-2
ii  libvpx1                   1.2.0-2
ii  libx11-6                  2:1.6.0-1
ii  libxext6                  2:1.3.2-1
ii  libxrender1               1:0.9.8-1
ii  libxt6                    1:1.1.3-1+deb7u1
ii  zlib1g                    1:1.2.8.dfsg-1

Versions of packages xulrunner-17.0 suggests:
ii  libcanberra0  0.30-2
ii  libgnomeui-0  2.24.5-2

-- no debconf information

--- End Message ---
--- Begin Message --- 
On 09/04/2013 05:28 AM, Dietrich Clauss wrote:
> Daniel Kahn Gillmor schrieb:
>> I suspect you want to remove the certificate from the "Servers" tab, not
>> the "Authorities" tab -- the remote server is not an authority, and is
>> not being treated as such; it's being treated as a network peer, and
>> telling iceweasel to not treat it as an authority isn't asking for
>> anything to change.
 [...]
> 
> That's correct, thanks for the explanation.
> 
> My fault.  This bug report can be closed.

Great, glad we got that sorted out.

I do wish the UI was better, though.  You're certainly not the first
person to be tripped up by the complexity of the Certificate Manager.
Thanks for the report, and for the followup.

Regards,

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---

Reply via email to