Red Hat Bugzilla – Bug 924173
Firefox caches system certificate trust information
Last modified: 2013-03-22 06:43:45 EDT
Apparently, Firefox requires users to clear their per-user caches when system trust changes (e.g., when a certificate authority is blacklisted, etc.).
This prevents/complicates administrator managing of system trusted anchors and blacklists.
Kai has more details on this.
I think this bug report got filed because of a misunderstanding and is invalid.
The caching isn't related to trust. Firefox simply caches the displayed web pages, and might still show an https page from the cache, without revalidating the cert, even if the trust of the cert has changed. If the web page cache is still valid, there is no SSL/TLS connection, no handshake and no cert validation.
Makes sense. Thanks for the clarification.
*** Bug 924172 has been marked as a duplicate of this bug. ***