[Webkit-unassigned] [Bug 175025] [GTK] http://cwb.gov.tw/V7/service/email.htm renders a big white area

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Aug 2 01:16:01 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=175025

Michael Catanzaro <mcatanzaro at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |mcatanzaro at igalia.com
         Resolution|---                         |WONTFIX
            Summary|[Curl?]                     |[GTK]
                   |http://cwb.gov.tw/V7/servic |http://cwb.gov.tw/V7/servic
                   |e/email.htm renders a big   |e/email.htm renders a big
                   |white area                  |white area

--- Comment #9 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Well you found the cause of the bug. The website uses an unacceptable TLS certificate. Blocking the content is the right thing to do.

(In reply to Alexey Proskuryakov from comment #7)
> Is this the Gtk port?

Yes. But we use libsoup and GnuTLS, not curl. Anyway, here's what I see:

$ gnutls-cli cwbebox.cwb.gov.tw
Processed 170 CA certificate(s).
Resolving 'cwbebox.cwb.gov.tw:443'...
Connecting to '210.69.218.8:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `serialNumber=0000000010027794,CN=cwbebox.cwb.gov.tw,OU=氣象資訊中心,OU=中央氣象局,OU=交通部,O=行政院,C=TW', issuer `OU=政府憑證管理中心,O=行政院,C=TW', serial 0x00a13d7515a490500d19564a35f3cf49e5, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-24 02:25:17 UTC', expires `2019-03-24 02:25:17 UTC', pin-sha256="iYGFHy+sDMqdkNvKu0JN13h/oD8lswYqdG0IYbbL7nc="
        Public Key ID:
                sha1:e470af0ce9b316f96fcf765de7643d95ca6d6318
                sha256:8981851f2fac0cca9d90dbcabb424dd7787fa03f25b3062a746d0861b6cbee77
        Public Key PIN:
                pin-sha256:iYGFHy+sDMqdkNvKu0JN13h/oD8lswYqdG0IYbbL7nc=
        Public key's random art:
                +--[ RSA 2048]----+
                |                 |
                |                 |
                |      . o       .|
                |       * .   E ..|
                |      o.S . . = o|
                |     .oo .   + **|
                |      ooo     o==|
                |      .o. ... . o|
                |     ..  o.oo.   |
                +-----------------+

- Certificate[1] info:
 - subject `OU=政府憑證管理中心,O=行政院,C=TW', issuer `O=Government Root Certification Authority,C=TW', serial 0x088dd2963b8b629c194e3200da77ce2c, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-01-31 03:22:34 UTC', expires `2033-01-31 03:22:34 UTC', pin-sha256="FzYsw3F5sXqrO5ZKor860U99R15EqXICdbdvRCudfzI="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. The certificate chain uses insecure algorithm. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** handshake has failed: Error in the certificate.

If GnuTLS accepted this chain, then we would need to debug why libsoup does not. But it doesn't, so I doubt there is any bug here.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170802/15cdc38a/attachment.html>

More information about the webkit-unassigned mailing list