FS#38107 - [firefox] considers cacert certificates as untrusted, even though ca-certificate is installed

Attached to Project: Arch Linux
Opened by Christophe-Marie Duquesne (duquesnc) - Wednesday, 11 December 2013, 20:48 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 12 December 2013, 16:21 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Last firefox update (26.0-1) made it start ignoring the fact that I had the package ca-certificate installed. Consider my website: https://chmd.fr. Its certificate is signed with the root certificate of cacert.org. Before the update (and because I have installed the package ca-certificates), visiting this website did not prompt any warning. After this update, firefox started warning me that "the connection is untrusted [...] (Error code: sec_error_unknown_issuer)". Normally, because ca-certificates is installed, it should not prompt any warning.
This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Thursday, 12 December 2013, 16:21 GMT
Reason for closing:  Fixed
Additional comments about closing:  firefox 26.0-2
Comment by Jan de Groot (JGC) - Thursday, 12 December 2013, 12:40 GMT
  • Field changed: Summary (Firefox considers cacert certificates as untrusted, even though ca-certificate is installed → [firefox] considers cacert certificates as untrusted, even though ca-certificate is installed)
  • Field changed: Status (Unconfirmed → Assigned)
  • Task assigned to Jan Alexander Steffens (heftig)
This is caused by the fact that firefox 26.0 has been compiled with lots of in-tree modules instead of using --with-system stuff. Jan, any explanation why you changed this?
Comment by Jan Alexander Steffens (heftig) - Thursday, 12 December 2013, 13:41 GMT
I ran into problem with the build system (headers weren't generated that should have been), which were worked around by removing the system libs.
Comment by Evangelos Foutras (foutrelis) - Thursday, 12 December 2013, 14:34 GMT
Builds fine for me on x86_64 with system libs.

I can release new packages, unless we want to also include a fix for  FS#38102 .

Loading...