GNOME Bugzilla – Bug 594856
[REGRESSION] Lack of certificate manager
Last modified: 2014-09-21 21:30:38 UTC
The certificate manager is not working in 2.27.x (up to .92).
could you explain a little better, you mean you do not ask for any certificate, when to do it?
Usually: Unable to load page Problem occurred while loading the URL https://xxx/ Connection terminated unexpectedly If I choose Tools->Manage Certificates nothing happens
On some sites when I try to create certificate: From website: "An error occurred while processing your request: Your browser did not send us a valid certificate request"
ah, specifically there is no way to configure client certificates. eg, https://koji.fedoraproject.org/koji/login will give the "connection terminated unexpectedly" error, because the site sends the "client certificate required" flag in its ssl handshake, and we don't provide a cert, so it closes the connection.
Additionally, double-clicking the certificate icon in the status bar does not show the certificate info dialog box. Should the certificate manager even be an extension? Being able to view the details of a web site's certificate is an essential feature of any web browser IMO. Without it, there is no way to verify the identity of the web site you are connected to. Seeing that it has been signed by _a_ trusted CA is not very useful when we have so many random CAs and no restriction on what they may sign. It is also essential in order to securely use the 'verified by visa' and 'mastercard securecode' crap that banks are now forcing on end users.
*** Bug 607828 has been marked as a duplicate of this bug. ***
Marking NEW per duplicate bug.
To be clear, is this a bug about epiphany lacking a built-in certificate manager, or about epiphany-extension's certificate manager not working, or both?
(In reply to comment #8) > To be clear, is this a bug about epiphany lacking a built-in certificate > manager, or about epiphany-extension's certificate manager not working, or > both? I think mostly second one. I don't care how it is implemented as long as it is well integrated (for example fixes bug #542454).
Sorry - could it be blocker for 3.0? I mean - it is really basic element which any other browser has. I would help but unfortunatly I don't have much time recently.
(In reply to comment #10) > Sorry - could it be blocker for 3.0? I mean - it is really basic element which > any other browser has. I would help but unfortunatly I don't have much time > recently. Not sure what you are asking here exactly. It can't be a blocker since pretending that any feature done through an extension could be a blocker for the mainline browser makes no sense. If want you want to say is that you'd like us to, worst case, drop everything and fix this before 3.0, well, your vote is noted...
(In reply to comment #11) > (In reply to comment #10) > > Sorry - could it be blocker for 3.0? I mean - it is really basic element which > > any other browser has. I would help but unfortunatly I don't have much time > > recently. > > Not sure what you are asking here exactly. It can't be a blocker since > pretending that any feature done through an extension could be a blocker for > the mainline browser makes no sense. Hmm. VGA/network is 'blocker' for most kernels even if it they are microkernels and it is done by separate processes ;) > If want you want to say is that you'd like > us to, worst case, drop everything and fix this before 3.0, well, your vote is > noted... Since 3.0 is in 6 month I think it is possible without 'dropping everything'. I, of course, merly ask/vote for feature (sorry if it sounded otherwise).
*** Bug 336072 has been marked as a duplicate of this bug. ***
I'd suggest that epiphany needs a proper certificate manager without relying on an extension. Having to rely on seperate extension that isn't even distributed in base distributions (Ubuntu puts extensions in universe) is bad enough, but even that doesn't work any more.
We just need that when clickin gon "tools->manage certificates" we can view the certificates and manage them by adding, deleting and editing. According to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560310 this is an issue in libsoop, could that be confirmed please?
Possibly it should be integrated with gnome-keyring as, if I understend correctly, the certificates are going to be handled globally.
Seriously, there's no need to list every single release between the start of the regression and the present.
(In reply to comment #5) > Additionally, double-clicking the certificate icon in the status bar does not > show the certificate info dialog box. > This has been fixed in bug #681506, but for now you can only read the cert. information.
Certificate management is out of scope for Epiphany -- that's what Seahorse is for -- except that we do need to somehow support client-side SSL certificates as mentioned in comment #4. *** This bug has been marked as a duplicate of bug 618429 ***