After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 737589 - Access to sites with invalid certificates is not blocked
Access to sites with invalid certificates is not blocked
Status: RESOLVED DUPLICATE of bug 708847
Product: epiphany
Classification: Core
Component: General
unspecified
Other Linux
: Normal blocker
: ---
Assigned To: Epiphany Maintainers
Epiphany Maintainers
Depends on:
Blocks:
 
 
Reported: 2014-09-29 13:36 UTC by rhi
Modified: 2014-09-29 17:11 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description rhi 2014-09-29 13:36:09 UTC 
Steps to reproduce:
1. Go to a site with a by-default invalid certificate, for instance https://www.pcwebshop.co.uk/

Result:
The lock in the address bar shows that there's a problem. If you click on it (and only then), you get more information. If you don't notice it, you may enter sensitive information and send it to malicious sites.

Expected result:
Access to the whole site should be blocked until the user has ensured the certificate's validity.

May be related to bug #633366 and #444844
Comment 1 Yosef Or Boczko 2014-09-29 13:45:13 UTC 
What is your epiphany's version?
Here (3.14.0) when I try to load this web site, I see warrning page, and just
if I clicking on the 'Rloead Anyway' button the page will be loadded.
Comment 2 Michael Catanzaro 2014-09-29 17:11:03 UTC 
Thanks for taking the time to report this bug.

This particular bug has already been reported into our bug tracking system, but we are happy to tell you that the problem has already been fixed.  Epiphany 3.14 will automatically block sites that fail certificate validation.

*** This bug has been marked as a duplicate of bug 708847 ***