On Sun, Aug 14, 2011 at 10:05 AM, Florian Weimer <f...@deneb.enyo.de> wrote: > * Francois LUCAS: > >> I noticed a behavior that for my point of view looks strange in firefox >> certificate manager and I'm wondering if it's a bug or a feature. >> With firefox6, if I go into the certificate manager, under "Servers" tab, I >> find a list of 10 certificates which belong to "the USERTRUST Network" and >> really look like the famous Comodo ones (addons.mozilla.org, login.*.com, *. >> google.com and so on). > > It seems that these certificates are there so they can be marked > untrusted, thereby superseding the CA signature.
Yes, those certificates were added with explicit distrust settings. The patch is in NSS bug 642815: https://bugzilla.mozilla.org/show_bug.cgi?id=642815 If you select one of those certificates and click the "Edit Trust" button, you should see the "Do not trust the authenticity of this certificate" box checked. If you click the "View" button, the dialog should say "Could not verify this certificate for unknown reasons". Wan-Teh _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
