Bug 924173

Summary: Firefox caches system certificate trust information
Product: [Fedora] Fedora Reporter: Stef Walter <stefw>
Component: firefoxAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: gecko-bugs-nobody, kengert
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-21 15:42:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 466626, 924186    

Description Stef Walter 2013-03-21 10:28:35 UTC 
Apparently, Firefox requires users to clear their per-user caches when a system trust changes (eg: when a certificate authority is blacklisted, etc.).

This prevents/complicates administrator managing of system trusted anchors and blacklists.

Kai has more details on this.
Comment 1 Kai Engert (:kaie) (inactive account) 2013-03-21 15:33:01 UTC 
I think this bug report got filed because of a misunderstanding and is invalid.

The caching isn't related to trust. Firefox simply caches the displayed web pages, and might still show a https from the cache, without revalidating the cert, even if the trust of the cert has changed. If the web page cache is still valid, there is no SSL/TLS connection, no handshake and no cert validation.
Comment 2 Stef Walter 2013-03-21 15:42:52 UTC 
Makes sense. Thanks for the clarification.
Comment 3 Stef Walter 2013-03-22 10:40:42 UTC 
*** Bug 924172 has been marked as a duplicate of this bug. ***
Comment 4 Martin Stransky 2013-03-22 10:43:45 UTC 
*** Bug 924172 has been marked as a duplicate of this bug. ***