Open halderen opened 8 years ago
Decided by steeringcmte on 2017-01-19 to keep issue icebox as many browsers aren't using it anyway.
[...]
Can I submit revocation checking as a feature request?
This seems a valuable addition to me as sometimes browsers don’t warn users that the server certificate has been revoked and site admins don’t seem to know that they have a problem."
Result is that https://revoked-rsa-dv.ssl.com/ ¹ is passing with no TLS issues other than HSTS, while Firefox cannot visit the site because it's revoked. Such a sub test would be extra interesting since Chrome does not check for revocation, so if an the admin only uses Chrome/Edge this issue won't be noticed. Some failing sub test would be a plus here.
¹ Sadly a lot of BadSSL certificates uses expired root CA's, these are known issues in the project. Luckily SSL.com has some test certificates too: https://www.ssl.com/sample-valid-revoked-and-expired-ssl-tls-certificates/
Duplicate issue OCSP?