[Webkit-unassigned] [Bug 196182] Using Application Cache on HTTPS websites breaks browser security indicators (e.g. webkit_web_view_get_tls_info()); CertificateInfo not properly cached
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Mar 24 13:29:15 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196182
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ap at webkit.org,
| |bfulgham at webkit.org
--- Comment #4 from Alexey Proskuryakov <ap at webkit.org> ---
This is sort of correct behavior. Local cache cannot be trusted in the same ways as the origin server, and EV requirements in particular make online verification a must IIRC.
The exposure is not universal - mostly limited to revoked certificates I think - but real.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190324/e3128a96/attachment-0001.html>
More information about the webkit-unassigned
mailing list