On Sat, Jul 26, 2014 at 06:10:31PM +0900, Mike Hommey wrote: > On Sat, Jul 26, 2014 at 10:39:57AM +0200, Frank Lanitz wrote: > > Package: iceweasel > > Version: 31.0-1 > > Severity: normal > > > > Dear Maintainer, > > > > With latest updates I'm not able anymore to add an exception for HTTPS if > > iceweasel is not knowing the issuer of an certificate.This is very > > disturbing > > as e.g. Debian has also removed CAcert from list of certs so even I have the > > fingerprint of the cert of a server, I cannot add them as "ok" without doing > > some workaround via about:config. > > > > I'm only getting > > <domain> uses an invalid security certificate. > > The certificate is not trusted because the issuer certificate is unknown. > > (Error code: sec_error_unknown_issuer) > > > > without any further option than 'Get me out of here!' > > If the site in question is using HSTS, this is expected, as it's exactly > how it's supposed to work. For instance, if I go to > https://www.cacert.org/, I go get a sec_error_unknown_issuer, but I get > a "Get me out of here!" button.
Err, I mean, a Add Exception button (and below too). > > On the other hand, see > https://bugzilla.mozilla.org/show_bug.cgi?id=1014387: a couple months ago, > I was getting a sec_error_unknown_issuer without a "Get me out of here!" > on https://panopticlick.eff.org/ because the server wasn't sending an > intermediate certificate and eff.org is HSTS. > (it's fixed now) > > I'm pretty sure you're hitting something similar. > > Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
