Bug#595813: https issues
On Sat, 10 Sep 2011 12:54:31 -0400 dbb wrote: > I think I may be experiencing this bug or possibly a similar one. Hi dbb, I am another user of the midori package. I am not sure that the bug you describe is really the one experienced by the original submitter of this bug report. If the original issue has vanished (as it seems to me), maybe we should re-title the bug report... > It > seems that midori always says that any SSL connection is "unverified" > at first (for all sites I've tried). On Twitter, for example, the URL > bar was colored red, and an information icon appeared on the right > side of the bar. When the pointer was hovered above the info icon, a > tooltip with the text "unverified" or so appeared. I clicked on this > icon, the page reloaded, and the info icon was replaced with a key > icon and tooltip changed to "verified and encrypted connection". On > some other sites, clicking on the icon would reload the page, but it > stayed "unverified". Later, I went back to some of these sites (like > gmail, duckduckgo) and they all had the verified key icon. I seem to be experiencing similar issues. The encryption verification status seems to randomly switch between "verified and encrypted connection" and "Not verified" when re-loading the page by clicking on the little-locker/(i) icon. Also, there does not seem to be a way to accept self-signed certificates or certificates which are signed by a non-famous CA. Midori seems to lack a proper certificate manager. Dear midori maintainer(s), can you reproduce the bug? Could you please forward it upstream, if appropriate? Thanks for your time. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpVXkdX3fDaV.pgp Description: PGP signature
Bug#595813: https issues
On mar., 2011-10-04 at 00:17 +0200, Francesco Poli wrote: > Also, there does not seem to be a way to accept self-signed > certificates or certificates which are signed by a non-famous CA. > Midori seems to lack a proper certificate manager. > > Dear midori maintainer(s), can you reproduce the bug? > Could you please forward it upstream, if appropriate? As already said multiple times, midori lacks any kind of correct x509 certificates management and verification, and upstream is well aware of that. But this has nothing to do with this bug. -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#595813: https issues
On Tue, 04 Oct 2011 07:49:29 +0200 Yves-Alexis Perez wrote: > On mar., 2011-10-04 at 00:17 +0200, Francesco Poli wrote: > > Also, there does not seem to be a way to accept self-signed > > certificates or certificates which are signed by a non-famous CA. > > Midori seems to lack a proper certificate manager. > > > > Dear midori maintainer(s), can you reproduce the bug? > > Could you please forward it upstream, if appropriate? > > As already said multiple times, midori lacks any kind of correct x509 > certificates management and verification, Sorry, I am not aware of those multiple times when it was said that Midori lacks x509 certificate management and verification. Could you please be more specific? If you refer to bug #607497, well, this is not really clear to me. That bug is marked as found and fixed in the same version, and the report is claimed to be forwarded to a URL that currently leads me to a 404 error... Anyway, that bug report looks like a single time, not multiple times... ;-) > and upstream is well aware of > that. I apologize, but I didn't know that. I hadn't found any sign of that upstream awareness (apart from a forwarded URL that was 404ing me, I mean...). > But this has nothing to do with this bug. Do you mean that the issues I am experiencing have nothing to do with the bug reported by the original submitter (that is to say, the failed SSL handshake)? I agree: this is why I wrote | If the original issue has vanished (as it seems to me), maybe we should | re-title the bug report... What is the best course of action, in your opinion? Should I file the lack of SSL certificate management and verification as a separate bug report, so that you can properly forward it upstream? Or do you prefer re-titling and clarifying bug #607497 ? Should this bug (#595813) be closed, in the meanwhile? -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpNLsrHo2423.pgp Description: PGP signature
Bug#595813: https issues
On mar., 2011-10-04 at 23:37 +0200, Francesco Poli wrote: > > But this has nothing to do with this bug. > > Do you mean that the issues I am experiencing have nothing to do with > the bug reported by the original submitter (that is to say, the failed > SSL handshake)? > I agree: this is why I wrote > > | If the original issue has vanished (as it seems to me), maybe we > should > | re-title the bug report... Why exactly would you retitle the bug report? If this is related, then just follow up, if this is a new bug, just open a new one... > > > What is the best course of action, in your opinion? > Should I file the lack of SSL certificate management and verification > as a separate bug report, so that you can properly forward it > upstream? This is already done, see https://bugs.launchpad.net/midori/+bug/706857 > Or do you prefer re-titling and clarifying bug #607497 ? Yes. > Should this bug (#595813) be closed, in the meanwhile? Maybe, but please let the original reporter do it. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#595813: https issues
On Wed, 05 Oct 2011 06:33:33 +0200 Yves-Alexis Perez wrote: > On mar., 2011-10-04 at 23:37 +0200, Francesco Poli wrote: > > > But this has nothing to do with this bug. > > > > Do you mean that the issues I am experiencing have nothing to do with > > the bug reported by the original submitter (that is to say, the failed > > SSL handshake)? > > I agree: this is why I wrote > > > > | If the original issue has vanished (as it seems to me), maybe we > > should > > | re-title the bug report... > > Why exactly would you retitle the bug report? If this is related, then > just follow up, if this is a new bug, just open a new one... You are right and I normally agree with this line of reasoning, except that, in the present case, I was following up to a follow up... ;-) > > > > > > What is the best course of action, in your opinion? > > > Should I file the lack of SSL certificate management and verification > > as a separate bug report, so that you can properly forward it > > upstream? > > This is already done, see https://bugs.launchpad.net/midori/+bug/706857 OK. > > > Or do you prefer re-titling and clarifying bug #607497 ? > > Yes. Fine, I'll add some information to bug #607497, then. > > > Should this bug (#595813) be closed, in the meanwhile? > > Maybe, but please let the original reporter do it. Sure, I usually try to avoid hi-jacking bug reports! ;-) However, since at least three people (you, dbb, and me) don't seem to experience the issues reported by the original submitter, I think that he should be contacted and kindly requested to check whether he's still able to reproduce the bug. In the meanwhile the bug could be tagged "unreproducible" and "moreinfo". In case the original submitter does not reply in a reasonable time frame, I think the bug report will have to be closed... Thanks a lot for your time and your kindness! -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpnqMMtU2xTb.pgp Description: PGP signature
Bug#595813: https issues
I think I may be experiencing this bug or possibly a similar one. It seems that midori always says that any SSL connection is "unverified" at first (for all sites I've tried). On Twitter, for example, the URL bar was colored red, and an information icon appeared on the right side of the bar. When the pointer was hovered above the info icon, a tooltip with the text "unverified" or so appeared. I clicked on this icon, the page reloaded, and the info icon was replaced with a key icon and tooltip changed to "verified and encrypted connection". On some other sites, clicking on the icon would reload the page, but it stayed "unverified". Later, I went back to some of these sites (like gmail, duckduckgo) and they all had the verified key icon. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
