Hi Kevin, On Mon, Apr 14, 2014 at 09:31:04AM -0600, Kevin Fenzi wrote: > On Mon, 14 Apr 2014 08:50:33 +0200 > Suvayu Ali <[email protected]> wrote: > > > > I was reading about Heartbleed and the results of the cloudflare > > challenge. The following post says, that particular server is using a > > revoked certificate and my browser should not show the page if > > certificate revocation is working properly. > > > > <https://www.cloudflarechallenge.com/heartbleed> > > > > Firefox with OCSP enabled shows me this message: > > > > Peer's Certificate has been revoked. > > (Error code: sec_error_revoked_certificate) > > > > Midori however happily displays the page. A quick look tells me there > > is no way to enable something like OCSP. > > Midori can use gcr, which might be able to do something here. Not sure. > > The only gcr available however is gtk3, so we can't use it in a gtk2 > midori. Once we move to webkit2 and gtk3 we can enable that... > > I can look and see if gcr can actually do this...
I was not aware of Gcr, looks interesting. > > Can this be taken up with upstream? More importantly, I would like to > > propose to drop midori from the spin until this is dealt with upstream > > (even if it means larger XFCE images); after all we do not want a less > > secure Fedora user. > > > > Any thoughts on this? > > I personally think thats way too drastic. Many other browsers out there > don't handle revoked certs either. That is true. I think Firefox is the only one that does it sensibly. > Do you want to file an upstream bug on it? Or shall i? > > we should at least see where we are at... It would be better if you could do it. I do not think I can follow up with updates/comments reasonably quickly. Cheers, -- Suvayu Open source is the future. It sets us free. _______________________________________________ xfce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/xfce
