Accept certificate for X happens too often and contains no useful information - Githubissues

Dax89 / WebPirate

A Tabbed, WebKit based Browser Web for SailfishOS

GNU General Public License v3.0

15 stars 7 forks source link

Accept certificate for X happens too often and contains no useful information #69

Open Mikaela opened 8 years ago

Mikaela commented 8 years ago

Some examples where I get the question:

https://openwireless.org/
https://kauppa.saunalahti.fi/ (shop for one Finnish carrier)
https://slashdot.org/
and a lot more.

Either I am MITMed a lot which seems very unlikely or there is a bug in Harbour Webpirate.

In case I am MITMed, there is nothing to proof that as I am just asked yes/no.

What would make it more useful would be at least:

Issued to
- Common Name
- Organization
- Organization Unit
Issuer
- Common Name
- Organization
- Organization unit
Date of granting
Date of expiring
SHA-512 fingerprint
SHA-256 fingerprint

This is what Chrome/Chromium also shows with the exception of it showing SHA-1 (which is deprecated) instead of SHA-512.

llelectronics commented 8 years ago

The main problem basically is that the qtwebkit engine in SailfishOS is either built against an older openssl version or openssl is outdated. Nevertheless the certificate list is outdated which causes those certificate popups.
The problem for us developers is that we only get a failed ssl authentication dialog method to deal with it. So no why or who or when.
Its simply impossible to know what failed or what certificate it is thats asking for permission.
This is a limitation in upstreams qml api for qtwebkit.

I am not sure if its possible to find a solution for this.