Bug#745835: lynx-cur: certificate revocation is not checked

2015-05-03 Thread Vincent Lefevre
I forgot...

On 2015-04-27 17:38:53 +0200, Axel Beckert wrote:
> NOTES
>
> While HTTPS is supported, Lynx currently can't check certification
> revocation lists and doesn't support the Online Certificate Status
> Protocol (OCSP), hence it can't warn about websites using revoked
>

Bug#745835: [pkg-lynx-maint] Bug#745835: lynx-cur: certificate revocation is not checked

2015-05-03 Thread Vincent Lefevre
Hi Axel!

On 2015-05-01 03:11:58 +0200, Axel Beckert wrote:
> Vincent Lefevre wrote:
> > This problem still occurs. For a new testcase URL:
> >
> >   lynx https://www.vinc17.net:4434/
> >
> > does not give an error, contrary to Firefox.
>
> Short story: Not anymore in Sid.

OK, I confirm.

> Lon

Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Vincent Lefevre
On 2015-04-27 17:38:53 +0200, Axel Beckert wrote:
> NOTES
>
> While HTTPS is supported, Lynx currently can't check certification
> revocation lists and doesn't support the Online Certificate Status
> Protocol (OCSP), hence it can't warn about websites using revoked
> SSL certific

Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Axel Beckert
Hi Vincent,

Vincent Lefevre wrote:
> Perhaps I should have said "must". :-)
> A problem related to that is that it is said nowhere in lynx
> documentation that the revocation status is not checked. So, the
> user has a false impression of security.

Sure. And that can be fixed easily and also in

Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Axel Beckert
Control: tag -1 - moreinfo + upstream
Control: severity -1 important

Hi Vincent,

Vincent Lefevre wrote:
> On 2015-04-27 14:49:15 +0200, Axel Beckert wrote:
> > Vincent Lefevre wrote:
> > > This problem still occurs. For a new testcase URL:
> > >
> > >   lynx https://www.vinc17.net:4434/
> > >
>

Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Vincent Lefevre
On 2015-04-27 17:18:23 +0200, Axel Beckert wrote:
> So this is basically an upstream feature request.
>
> I don't think a feature request which you yourself phrase with
> "should" validates RC-severity, even if it's a security related
> feature. Hence downgrading the severity to "important".

Perh

Bug#745835: [pkg-lynx-maint] Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Vincent Lefevre
Hi,

On 2015-04-27 14:49:15 +0200, Axel Beckert wrote:
> Vincent Lefevre wrote:
> > This problem still occurs. For a new testcase URL:
> >
> >   lynx https://www.vinc17.net:4434/
> >
> > does not give an error, contrary to Firefox.
>
> JFTR: Works "fine" (i.e. without revocation warning) in Chro

Bug#745835: [pkg-lynx-maint] Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Axel Beckert
Control: tag -1 + moreinfo

Hi,

Vincent Lefevre wrote:
> This problem still occurs. For a new testcase URL:
>
>   lynx https://www.vinc17.net:4434/
>
> does not give an error, contrary to Firefox.

JFTR: Works "fine" (i.e. without revocation warning) in Chromium (42.0.2311.90-2), too. But I don'

Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Vincent Lefevre
Control: severity -1 serious

Setting same severity as bug 752610 (which is also about certificate checking).

--
Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog: Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS

Bug#745835: lynx-cur: certificate revocation is not checked

2015-04-27 Thread Vincent Lefevre
Control: unmerge -1
Control: reopen -1
Control: found -1 2.8.9dev5-2

This problem still occurs. For a new testcase URL:

  lynx https://www.vinc17.net:4434/

does not give an error, contrary to Firefox.

--
Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog

Bug#745835: lynx-cur: certificate revocation is not checked

2014-04-26 Thread Vincent Lefevre
Control: severity -1 grave

On 2014-04-26 10:29:28 -0400, Thomas Dickey wrote:
> In
>
> https://www.debian.org/Bugs/Developer#severities
>
> the closest description is "important". (This couldn't allow a break-in
> to the user's account which would be the justification for "grave").

https is ty

Bug#745835: lynx-cur: certificate revocation is not checked

2014-04-26 Thread Thomas Dickey
On Fri, Apr 25, 2014 at 07:41:31PM +0200, Vincent Lefevre wrote:
> Package: lynx-cur
> Version: 2.8.8pre5-1
> Severity: grave

In

https://www.debian.org/Bugs/Developer#severities

the closest description is "important". (This couldn't allow a break-in to the user's account which would be the just

Bug#745835: lynx-cur: certificate revocation is not checked

2014-04-25 Thread Vincent Lefevre
Package: lynx-cur
Version: 2.8.8pre5-1
Severity: grave
Tags: security
Justification: user security hole

Certificate revocation is not checked: lynx opens https://www.cloudflarechallenge.com/ without any warning or error, contrary to Firefox (and to Chromium when the CRLSet is up-to-date).

--