Bug 924173 - Firefox caches system certificate trust information
Firefox caches system certificate trust information
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Gecko Maintainer
Fedora Extras Quality Assurance
: 924172 (view as bug list)
Depends On:
Blocks: 466626 924186
  Show dependency treegraph
Reported: 2013-03-21 06:28 EDT by Stef Walter
Modified: 2013-03-22 06:43 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-03-21 11:42:52 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stef Walter 2013-03-21 06:28:35 EDT
Apparently, Firefox requires users to clear their per-user caches when a system trust changes (eg: when a certificate authority is blacklisted, etc.).

This prevents/complicates administrator managing of system trusted anchors and blacklists.

Kai has more details on this.
Comment 1 Kai Engert (:kaie) 2013-03-21 11:33:01 EDT
I think this bug report got filed because of a misunderstanding and is invalid.

The caching isn't related to trust. Firefox simply caches the displayed web pages, and might still show a https from the cache, without revalidating the cert, even if the trust of the cert has changed. If the web page cache is still valid, there is no SSL/TLS connection, no handshake and no cert validation.
Comment 2 Stef Walter 2013-03-21 11:42:52 EDT
Makes sense. Thanks for the clarification.
Comment 3 Stef Walter 2013-03-22 06:40:42 EDT
*** Bug 924172 has been marked as a duplicate of this bug. ***
Comment 4 Martin Stransky 2013-03-22 06:43:45 EDT
*** Bug 924172 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.