On 05/12/2016 07:39 PM, John Magne wrote:
Took a look at this.
Seems pretty good, so ACK, with a concern or two.
I think we might want to consider seeing if we can somehow short circuit
the display to something that won't let them send to the server, when we
know we don't even have the keygen tag available.
So if tested to work with Firefox and Chrome, etc, ACK once again.
----- Original Message -----
From: "Matthew Harmsen" <[email protected]>
To: "pki-devel" <[email protected]>
Cc: "Jack Magne" <[email protected]>
Sent: Thursday, May 12, 2016 3:45:11 PM
Subject: [PATCH] Added Chrome keygen warning
While testing chrome, we discovered that (a) keygen would soon not be
supported:
*
https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pX5NbX0Xack
(b) although keygen is still supported, it has been disabled by default
with a workaround provided to re-enable it:
*
https://support.quovadisglobal.com/kb/a470/deprecation-of-keygen-tag-in-chrome-chromium-browsers.aspx
Please review the attached patch which supplies a warning message and
instructions on how to re-enable keygen
on Chrome browsers that support this:
* PKI TRAC #2323 - Firefox Warning appears in EE page launched from
within Chrome <https://fedorahosted.org/pki/ticket/2323>
Additionally, an attempt was made to identify the case when KeyGen would
not be available on Firefox and Chrome.
-- Matt
Thanks, comment added to this section of code; checked into master.
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
