Midori Web Browser

Implement TLS certificate management

Bug #706857 reported by Michael Moroni
274
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Midori Web Browser
Fix Released
Undecided
Unassigned
bugzilla.gnome.org
Expired
Medium
Debian
New
Undecided
Unassigned

Bug Description

I use my own CA (certficate authority) on my SSL-secured internal webservers. For this reason I wamt import my public CA Root certificate in midori, but midori has no import/export dialogs for certificates.

But: At the moment there is no warning dialog if a certificate is unknown (or selfsigned) in midori! This is a security bug, that need to be fixed first (there is a other bug report for this task).

Moved from FS: http://www.twotoasts.de/bugs/index.php?do=details&task_id=399

Tags: ssl
Revision history for this message
Michael Moroni (airon90) wrote :

Related bug http://www.twotoasts.de/bugs/index.php?do=details&task_id=168&project=2&pagenum=2

argafal

Revision history for this message
Michael Moroni (airon90) wrote :

Je confirme la nécessité de pouvoir gérer les certificats avec Midori :

- en France, la déclaration fiscale demande un certificat
- de plus en plus d'achats sur internet demandent également la gestion des certificats

Cette amélioration est plus que urgente. Je suis obligé d'installer Firefox pour pouvoir traiter ces tâches.
Si une solution n'est pas trouvée assez rapidement je serais donc contrain d'abandonner Midori, alors que je suis un fervent adepte.

Traduction Google :

I confirm the need to be able to manage the certificates with Midori

- In France, the "fiscal declaration" needs certificate
- More and more Internet purchases also require certificate management

This improvement is more than urgent.
I am forced to install Firefox to handle these tasks.
If a solution is not found quickly enough so I would be constraints to abandoning
Midori, as I am a firm believer.

pailou

Changed in midori:
status: New → Incomplete
status: Incomplete → Confirmed
Revision history for this message
FR. Loïc (hackurx) wrote :

Hi,

With my safety tests I just saw that midori does not monitor or poorly SSL Certificates ! (see the screenshot)

Midori is part of the Xfce project and is available in the repositories and varients therefore represents a consequent risk for the security.

FR. Loïc (hackurx)
Changed in midori:
assignee: nobody → Stéphane Marguet (stemp)
FR. Loïc (hackurx)
security vulnerability: no → yes
Cris Dywan (kalikiana)
tags: added: ssl
Revision history for this message
Cris Dywan (kalikiana) wrote :
Revision history for this message
Cris Dywan (kalikiana) wrote :
Revision history for this message
Cris Dywan (kalikiana) wrote :

Coming here to say "I find this more urgent than anything else" is not helping very much, quite frankly. The above patches are the basis for using system certificates and displaying certificates. Anybody is free to pick it up and implement a way to open a dialog, perhaps by clicking the left-side icon or something else.

Stéphane Marguet (stemp)
Changed in midori:
assignee: Stéphane Marguet (stemp) → nobody
Cris Dywan (kalikiana)
summary: - midori needs a certificate management
+ Implement TLS certificate management
Revision history for this message
Cris Dywan (kalikiana) wrote :

http://stef.thewalter.net/2010/10/certificate-and-key-widgets.html
http://git.gnome.org/browse/libsoup/commit/?id=12238c7d3afd751b98fe3204092c254310bf1e69
http://opensource.conformal.com/cgi-bin/cvsweb/xxxterm/xxxterm/xxxterm.c?rev=HEAD

Revision history for this message
Cris Dywan (kalikiana) wrote :

Enhanced test case based on the above. Unfortunately, I'm unable to produce any output with libSoup API whatsoever.

Cris Dywan (kalikiana)
Changed in midori:
assignee: nobody → Christian Dywan (kalikiana)
Revision history for this message
Cris Dywan (kalikiana) wrote :

Updated GCR test patch, including inconsistency check, making use of the details dialog. No certificate output whatsoever on my system.

Changed in midori:
assignee: Christian Dywan (kalikiana) → nobody
Revision history for this message
Cris Dywan (kalikiana) wrote :

WebKit apparently tends to send mock messages, by maintaining a hash table we get the certificate and flags. We then use it to render details with GCR, which you see on the screenshot. There's also a very simple fallback code path.

Revision history for this message
Cris Dywan (kalikiana) wrote :

Little update: unverifiable websites can also be trusted now by using the "Trust this website" button inside the error page.

Bug Watch Updater (bug-watch-updater)
Changed in bugzilla.gnome.org:
importance: Unknown → Medium
status: Unknown → New
Cris Dywan (kalikiana)
Changed in midori:
status: Confirmed → Fix Committed
Cris Dywan (kalikiana)
Changed in midori:
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in bugzilla.gnome.org:
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in bugzilla.gnome.org:
status: Confirmed → Expired
Bug Watch Updater (bug-watch-updater)
Changed in bugzilla.gnome.org:
status: Expired → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in bugzilla.gnome.org:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.