Bug 924173 - Firefox caches system certificate trust information
Summary: Firefox caches system certificate trust information
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 924172 (view as bug list)
Depends On:
Blocks: 466626 924186
TreeView+ depends on / blocked
 
Reported: 2013-03-21 10:28 UTC by Stef Walter
Modified: 2013-03-22 10:43 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-21 15:42:52 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Stef Walter 2013-03-21 10:28:35 UTC
Apparently, Firefox requires users to clear their per-user caches when a system trust changes (eg: when a certificate authority is blacklisted, etc.).

This prevents/complicates administrator managing of system trusted anchors and blacklists.

Kai has more details on this.

Comment 1 Kai Engert (:kaie) (inactive account) 2013-03-21 15:33:01 UTC
I think this bug report got filed because of a misunderstanding and is invalid.

The caching isn't related to trust. Firefox simply caches the displayed web pages, and might still show a https from the cache, without revalidating the cert, even if the trust of the cert has changed. If the web page cache is still valid, there is no SSL/TLS connection, no handshake and no cert validation.

Comment 2 Stef Walter 2013-03-21 15:42:52 UTC
Makes sense. Thanks for the clarification.

Comment 3 Stef Walter 2013-03-22 10:40:42 UTC
*** Bug 924172 has been marked as a duplicate of this bug. ***

Comment 4 Martin Stransky 2013-03-22 10:43:45 UTC
*** Bug 924172 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.