Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70251 - [nss] Certificate issue - Camerfirma CA
Attached to Project:
Arch Linux
Opened by Piscium (piscium) - Wednesday, 31 March 2021, 23:32 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 21 April 2021, 23:47 GMT
Opened by Piscium (piscium) - Wednesday, 31 March 2021, 23:32 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 21 April 2021, 23:47 GMT
|
DetailsDescription:
There is a certificate error when accessing some Portuguese web sites, for example: https://webapps.iapmei.pt/ This bug was reported here: https://bbs.archlinux.org/viewtopic.php?pid=1965253 On Arch this bug affects at least the following packages: Firefox, Chromium, Opera. The actual bug must be in another package, I have no idea which. This bug is Arch's only. Firefox on Windows works fine, and so do Xubuntu 20.04 and Fedora 33. Steps to reproduce: Click on the link, a page will be shown indicating a certificate error. |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 21 April 2021, 23:47 GMT
Reason for closing: Not a bug
Additional comments about closing: Un-trusting a certificate authority is not an accident, and the COVID sites using this certificate authority have had their 2 weeks to migrate.
Wednesday, 21 April 2021, 23:47 GMT
Reason for closing: Not a bug
Additional comments about closing: Un-trusting a certificate authority is not an accident, and the COVID sites using this certificate authority have had their 2 weeks to migrate.
The bug report noted in the commit is [2].
[1] https://github.com/nss-dev/nss/commit/c29eadf1dc940d3ddfc7654a66747b742296360e[/url] Bug 1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'. r=KathleenWilson
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1692094
Google (chromium) stated their intent to give sites using this CA an extension:
https://groups.google.com/g/mozilla.dev.security.policy/c/dSeD3dgnpzk/m/EwZi2p48BwAJ
https://bugs.chromium.org/p/chromium/issues/detail?id=1194656
> As with any CA removal, we’ve continued to examine ecosystem progress. When appropriate, we've also reached out to specific organizations to understand any challenges that might significantly impact our users. While we actively discourage CAs and site operators from directly contacting us to request exceptions, we do reach out to organizations that may significantly affect a non-trivial number of users. This situation is particularly unique due to the global pandemic, as several Portugese and Spanish government websites related to COVID-19 are affected.
> We've received confirmation from these organizations that they are on track to migrate. These organizations have requested 1-2 additional weeks to replace their certificates, beyond the three months since the original announcement. Normally, we would not honor such requests, given the industry standard expectations around certificate replacement being doable in five days or less. However, the global pandemic has brought unique and unprecedented challenges. Given the importance of these websites in helping resolve this global health crisis, we’re inclined to provide that additional migration support under these circumstances.