On 12/06/2011 11:34 AM, Justin Wood (Callek) wrote: > Desiree wrote: >> I have all Comodo related certs untrusted in all browsers since December >> 2008. I want to be alerted each time I go to a secure site that uses >> Comodo. I will then decide on a per site, one time only, exception basis if >> I wish to allow the exception or not. >> >> SM 2.5 has NO way to allow me to accept a Comodo cert used at Amazon.com >> when logging in there. The cert is for "images-na.ssl-images-amazon.com". I >> get an untrusted cert popup but all I can do is examine the cert. I cannot >> accept it. That means that I do get logged in because the main cert for >> Amazon is from Verisign and I have not disabled Verisign certs. But, because >> I cannot accept the Comodo cert on a one time basis, I have no images at >> Amazon after logging in. >> >> I have not tried other secure sites that use Comodo related certs with SM >> 2.5 but I would assume that I will not be able to use ANY of those sites >> with SM because there is no way to make a one time or permanent exception. >> >> Is this a known bug? >> >> >> > > Comodo has had issues and is explicitly blocked, if Amazon-na is using > them, you should contact amazon about the issue. This issue exists in > all current and updated webbrowsers.
Are they? If so how? I show them as an trusted authority in SM 2.6b2. And: http://www.mozilla.org/projects/security/certs/included/ <http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt> # 5826 # Certificate "Comodo AAA Services root" 5827 # 5828 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE 5829 CKA_TOKEN CK_BBOOL CK_TRUE 5830 CKA_PRIVATE CK_BBOOL CK_FALSE 5831 CKA_MODIFIABLE CK_BBOOL CK_FALSE 5832 CKA_LABEL UTF8 "Comodo AAA Services root" 5833 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 5834 CKA_SUBJECT MULTILINE_OCTAL etc. I would think if they were blocked, they would have a entry similar to diginotar: <http://www.mozilla.org/projects/security/certs/included/#DigiNotar%20%28DISABLED%29> <http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt> # 22439 # Certificate "Explicitly Distrust DigiNotar Root CA" 22440 # 22441 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE 22442 CKA_TOKEN CK_BBOOL CK_TRUE 22443 CKA_PRIVATE CK_BBOOL CK_FALSE 22444 CKA_MODIFIABLE CK_BBOOL CK_FALSE 22445 CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Root CA" 22446 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
