I noticed something is different about the openbsd 4.5 mozilla-firefox package vs say, kubuntu's build.
I set up paros (MITM proxy) with it's own cert (wildcard cert) signed by my cacert.pem file. I added this root cert to the openbsd firefox. I can go to https://mail.google.com without problems. In kubuntu - firefox 3.0.3, I did the same thing, pointed it at paros with the wildcard cert and inserted the same cacert.pem into kubuntu's firefox, when I go to another https site, I get the following: This Connection is Untrusted You have asked Firefox to connect Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. Technical Details mail.google.com uses an invalid security certificate. The certificate is only valid for * (Error code: ssl_error_bad_cert_domain) What is different about openbsd's build? Thanks! -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk "This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation. "Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related
