On Tue, Nov 8, 2016 at 2:23 PM, Percy <percyal...@gmail.com> wrote: > You can see from image1 that all StartCom roots are marked distrust > systemwide. No WoSign roots are included on Mac. > > However when I'm accessing https://www.schrauger.com/ in Chrome, the HTTPS > connection is marked as valid (image2) and the certification authority of > WoSign is regarded as a valid intermediate cert. In the same session, when > accessing https://wosign.com, the same intermediate cert is marked as > untrusted (image3) which is what I expect. > > The same thing happened in Safari (Image 4&5). Can someone explain how the > Certification Authority of WoSign (Serial number: 7250751724796726) is > sometimes valid when the root cert is distrusted? >
This probably isn't the list to ask about Safari or Chrome, but for sake of giving you a reply: Chrome - The bug to star is https://bugs.chromium.org/p/chromium/issues/detail?id=661003 Safari - Apple's announcement stated that they would be whitelisting certificates disclosed via CT before a particular date. So I suspect that's what coming in to play here. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy