SSL Certificate verification uses incorrect certificate when going through a proxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox-3.5 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: firefox-3.5
I do network security testing using the Webscarab http request interceptor, and I found a difference in behavior between the Ubuntu 9.10 version and Windows version of Firefox 3.5.x. Under Windows, when connecting to an SSL site, firefox correctly notes an invalid certificate (generated by Webscarab). Clicking details and then permanently accept certificate allows the browser to continue. On Ubuntu, the same sequence appears to bypass the Proxy-generated certificate and check directly to the site. The result is even though I'm in the invalid certificate screen, it thinks the certificate is valid and will not allow the exception to be accepted.
Going to Preferences-
Ubuntu Release: 9.10
Ubuntu uname -a output: "Linux field1 2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:01:29 UTC 2009 i686 GNU/Linux"
apt-cache policy firefox output:
firefox:
Installed: 3.5.7+nobinonly
Candidate: 3.5.7+nobinonly
Version table:
*** 3.5.7+nobinonly
500 http://
500 http://
100 /var/lib/
3.
500 http://
ProblemType: Bug
Architecture: i386
Date: Sun Jan 31 11:06:12 2010
DistroRelease: Ubuntu 9.10
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
Package: firefox-3.5 3.5.7+nobinonly
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: firefox-3.5
Uname: Linux 2.6.31-16-generic i686
XsessionErrors:
(gnome-
(polkit-
(nautilus:1952): Eel-CRITICAL **: eel_preferences
(gnome-
(firefox:2078): GLib-WARNING **: g_set_prgname() called multiple times