Bug#756101: iceweasel: Cannot add exception for sec_error_unknown_issuer
Hi, I wrote: this also happens with error code sec_error_ca_cert_invalid on our development machines. There is no option to add a security exception. See http://i.imgur.com/DlFJoUo.png and http://i.imgur.com/BCQRuxe.png. Runnig iceweasel in safe mode did not help. Version 32.0~b5-1 from experimental behaves the same. There's not even a 'Get me out of here!' option. The server does not use HTTP Strict Transport Security. I just installed Firefox 33.0 Beta 9. It fixes this problem. Carsten -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#756101: iceweasel: Cannot add exception for sec_error_unknown_issuer
Package: iceweasel Version: 31.0-3 Followup-For: Bug #756101 Dear Maintainer, this also happens with error code sec_error_ca_cert_invalid on our development machines. There is no option to add a security exception. See http://i.imgur.com/DlFJoUo.png and http://i.imgur.com/BCQRuxe.png. Runnig iceweasel in safe mode did not help. Version 32.0~b5-1 from experimental behaves the same. There's not even a 'Get me out of here!' option. The server does not use HTTP Strict Transport Security. It did work in version 30.0. Chromium version 35.0.1916.153 Debian jessie/sid (274914) shows the page or allows to proceed after a warning. -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel depends on: ii debianutils 4.4 ii fontconfig2.11.0-5 ii libasound21.0.28-1 ii libatk1.0-0 2.12.0-1 ii libc6 2.19-7 ii libcairo2 1.12.16-2 ii libdbus-1-3 1.8.6-1 ii libdbus-glib-1-2 0.102-1 ii libevent-2.0-52.0.21-stable-1 ii libffi6 3.1-2 ii libfontconfig12.11.0-5 ii libfreetype6 2.5.2-1.1 ii libgcc1 1:4.9.1-4 ii libgdk-pixbuf2.0-02.30.7-1 ii libglib2.0-0 2.40.0-3 ii libgtk2.0-0 2.24.24-1 ii libhunspell-1.3-0 1.3.3-2 ii libnspr4 2:4.10.6-1 ii libnss3 2:3.16.3-1 ii libpango-1.0-01.36.3-1 ii libsqlite3-0 3.8.5-2 ii libstartup-notification0 0.12-3 ii libstdc++64.9.1-4 ii libvpx1 1.3.0-2 ii libx11-6 2:1.6.2-2 ii libxext6 2:1.3.2-1 ii libxrender1 1:0.9.8-1 ii libxt61:1.1.4-1 ii procps1:3.3.9-7 ii zlib1g1:1.2.8.dfsg-1 iceweasel recommends no packages. Versions of packages iceweasel suggests: pn fonts-mathjax none pn fonts-oflb-asana-math none ii fonts-stix [otf-stix] 1.1.1-1 ii libcanberra0 0.30-2 ii libgnomeui-0 2.24.5-3 ii libgssapi-krb5-2 1.12.1+dfsg-7 pn mozplugger none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#756101: iceweasel: Cannot add exception for sec_error_unknown_issuer
On Sat, Jul 26, 2014 at 06:10:31PM +0900, Mike Hommey wrote: On Sat, Jul 26, 2014 at 10:39:57AM +0200, Frank Lanitz wrote: Package: iceweasel Version: 31.0-1 Severity: normal Dear Maintainer, With latest updates I'm not able anymore to add an exception for HTTPS if iceweasel is not knowing the issuer of an certificate.This is very disturbing as e.g. Debian has also removed CAcert from list of certs so even I have the fingerprint of the cert of a server, I cannot add them as ok without doing some workaround via about:config. I'm only getting domain uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) without any further option than 'Get me out of here!' If the site in question is using HSTS, this is expected, as it's exactly how it's supposed to work. For instance, if I go to https://www.cacert.org/, I go get a sec_error_unknown_issuer, but I get a Get me out of here! button. Err, I mean, a Add Exception button (and below too). On the other hand, see https://bugzilla.mozilla.org/show_bug.cgi?id=1014387: a couple months ago, I was getting a sec_error_unknown_issuer without a Get me out of here! on https://panopticlick.eff.org/ because the server wasn't sending an intermediate certificate and eff.org is HSTS. (it's fixed now) I'm pretty sure you're hitting something similar. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#756101: iceweasel: Cannot add exception for sec_error_unknown_issuer
On Sat, Jul 26, 2014 at 10:39:57AM +0200, Frank Lanitz wrote: Package: iceweasel Version: 31.0-1 Severity: normal Dear Maintainer, With latest updates I'm not able anymore to add an exception for HTTPS if iceweasel is not knowing the issuer of an certificate.This is very disturbing as e.g. Debian has also removed CAcert from list of certs so even I have the fingerprint of the cert of a server, I cannot add them as ok without doing some workaround via about:config. I'm only getting domain uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) without any further option than 'Get me out of here!' If the site in question is using HSTS, this is expected, as it's exactly how it's supposed to work. For instance, if I go to https://www.cacert.org/, I go get a sec_error_unknown_issuer, but I get a Get me out of here! button. On the other hand, see https://bugzilla.mozilla.org/show_bug.cgi?id=1014387: a couple months ago, I was getting a sec_error_unknown_issuer without a Get me out of here! on https://panopticlick.eff.org/ because the server wasn't sending an intermediate certificate and eff.org is HSTS. (it's fixed now) I'm pretty sure you're hitting something similar. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#756101: iceweasel: Cannot add exception for sec_error_unknown_issuer
Package: iceweasel Version: 31.0-1 Severity: normal Dear Maintainer, With latest updates I'm not able anymore to add an exception for HTTPS if iceweasel is not knowing the issuer of an certificate.This is very disturbing as e.g. Debian has also removed CAcert from list of certs so even I have the fingerprint of the cert of a server, I cannot add them as ok without doing some workaround via about:config. I'm only getting domain uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) without any further option than 'Get me out of here!' -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-rc6-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel depends on: ii debianutils 4.4 ii fontconfig2.11.0-5 ii libasound21.0.28-1 ii libatk1.0-0 2.12.0-1 ii libc6 2.19-7 ii libcairo2 1.12.16-2 ii libdbus-1-3 1.8.6-1 ii libdbus-glib-1-2 0.102-1 ii libevent-2.0-52.0.21-stable-1 ii libffi6 3.1-2 ii libfontconfig12.11.0-5 ii libfreetype6 2.5.2-1 ii libgcc1 1:4.9.1-1 ii libgdk-pixbuf2.0-02.30.7-1 ii libglib2.0-0 2.40.0-3 ii libgtk2.0-0 2.24.24-1 ii libhunspell-1.3-0 1.3.3-2 ii libnspr4 2:4.10.6-1 ii libnss3 2:3.16.3-1 ii libpango-1.0-01.36.3-1 ii libsqlite3-0 3.8.5-2 ii libstartup-notification0 0.12-3 ii libstdc++64.9.1-1 ii libvpx1 1.3.0-2 ii libx11-6 2:1.6.2-2 ii libxext6 2:1.3.2-1 ii libxrender1 1:0.9.8-1 ii libxt61:1.1.4-1 ii procps1:3.3.9-7 ii zlib1g1:1.2.8.dfsg-1 iceweasel recommends no packages. Versions of packages iceweasel suggests: pn fonts-mathjax none ii fonts-oflb-asana-math 000.907-6 ii fonts-stix [otf-stix] 1.1.1-1 ii libcanberra0 0.30-2 pn libgnomeui-0 none ii libgssapi-krb5-2 1.12.1+dfsg-4 pn mozplugger none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org