search

JamesTheAwesomeDude / cerdicator

Enhanced TLS indicator with an emphasis on information about the Root Certificate Authority from which the connection's authenticity is derived
https://addons.mozilla.org/en-US/firefox/addon/cerdicator/
1 stars 3 forks source link

What is "indeterminate" status? #8

Closed JamesTheAwesomeDude closed 3 years ago

JamesTheAwesomeDude commented 3 years ago

In some cases, securityInfo.state will be secure, but securityInfo.certificates will be an empty Array.

This is an extremely disturbing state of affairs, but I've created a codepath to at least "address" it… for now, and for usability reasons, though, it just ignores these, which is not the correct long-term solution. (Well, it does send a warning to console, but that's not enough.)

Given that, at the time of this testing, it's only running checks on main_frame requests, makes this issue triply disturbing.

If you want to replicate it yourself, you'll have to head over to https://www.cacert.org/index.php?id=3 and try out their root certificate (then load the site via https). Any- and every-one who is able to replicate this [on other sites], PLEASE, chime in!

JamesTheAwesomeDude commented 3 years ago

I forgot to mention—to view these, go to about:debugging, scroll down to "cerdicator", and click Inspect.

You'll see it on the Console tab: a yellow-backgrounded message when loading such connections.

JamesTheAwesomeDude commented 3 years ago

It turns out this is a duplicate of #3.

I thought this error was coming from CAcert, but it was actually coming from the ESXi background tab I had open. :facepalm: