One of the b.m.o. bugs I'm watching,
https://bugzilla.mozilla.org/show_bug.cgi?id=414887#c0 , had a link to
https://remora-reskin.stage.mozilla.com/en-US/firefox/search?status=4&q=%2525&cat=all
So (using Seamonkey "suiterunner") I decided to go and see what it was all
about.
Here's what I got:
-----
Secure Connection Failed
remora-reskin.stage.mozilla.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
* This could be a problem with the server's configuration, or it could be
someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the
error may be temporary, and you can try again later.
Or you can add an exception...
-----
Strange... I clicked on the link nevertheless, and asked to see the
certificate. It is said to have been issued by "Mozilla Root CA" and its
"Issuer" section includes the following details:
E = [EMAIL PROTECTED]
CN = Mozilla Root CA
OU = Mozilla Corporation Root Certificate Services
O = Mozilla Corporation
L = Mountain View
ST = California
C = US
If I try to add it, I can't, because SeaMonkey asks me for "my LDAP username
and password", and AFAIK I don't have any.
So Mozilla products don't trust Mozilla certificates now? Who's playing funny
with whom, and why? There is something here I don't understand.
Note: If this remora-reskin URL is really some "restricted" site accessible
only to a select few people, IMHO the bug comments mentioning it ought to
mention it. In addition to the bug mentioned at top of this post (which is
currently NEW), there's also
https://bugzilla.mozilla.org/show_bug.cgi?id=396739#c13 (VERIFIED FIXED).
Neither of them has a security restriction AFAICT.
Best regards,
Tony.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
