'[konqueror] [Bug 333364] New: Konqueror allows user to view a site with a revoked TLS certificate'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       konq-bugs
Subject:    [konqueror] [Bug 333364] New: Konqueror allows user to view a site with a revoked TLS certificate
From:       Matthew Flaschen <matthew.flaschen () gatech ! edu>
Date:       2014-04-13 3:31:39
Message-ID: bug-333364-5021 () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=333364

            Bug ID: 333364
           Summary: Konqueror allows user to view a site with a revoked
                    TLS certificate
    Classification: Unclassified
           Product: konqueror
           Version: unspecified
          Platform: Debian stable
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: konq-bugs@kde.org
          Reporter: matthew.flaschen@gatech.edu

For example, try https://www.cloudflarechallenge.com/ .  This was deliberately
revoked (after the Heartbleed challenge) to test brower behavior
(http://blog.cloudflare.com/certificate-revocation-and-heartbleed).

Firefox correctly blocks the user from visiting the site.

Reproducible: Always

Steps to Reproduce:
1. Visit a site with a revoked TLS certificate.
Actual Results:  
It loads normally.

Expected Results:  
It does not load, and notifies the user of the security problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Konq-bugs mailing list
Konq-bugs@kde.org
https://mail.kde.org/mailman/listinfo/konq-bugs
[prev in list] [next in list] [prev in thread] [next in thread] 