[Webkit-unassigned] [Bug 266196] New: Certificate error for playstation.com signed by DigiCert but not other DigiCert signed sites

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Dec 10 14:34:33 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=266196

            Bug ID: 266196
           Summary: Certificate error for playstation.com signed by
                    DigiCert but not other DigiCert signed sites
           Product: WebKit
           Version: Other
          Hardware: Mac (Intel)
                OS: Linux
            Status: NEW
          Severity: Blocker
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lastfuture at lastfuture.de
                CC: bugs-noreply at webkitgtk.org

Created attachment 468966

  --> https://bugs.webkit.org/attachment.cgi?id=468966&action=review

certificate error when trying to visit playstation.com

Gnome Web 45.1 as well as Tangram 3.0 which uses WebkitGTK do not recognize the signing authority DigiCert on the current certificate of playstation.com, despite the same certificate authority being accepted on other certificates like for duckduckgo.com

In contrast, Firefox 120 on the same system, a recent Ungoogled Chromium and even Safari 15 on macOS 10.15 have no problem regarding playstation.com's certificate as valid.

Since I couldn't find out where WebkitGTK takes its certificates from and it's a breaking bug in Tangram for me I'm reporting this here. For now I'm assuming the certificates are built into the engine somehow or the error is coming from somewhere within the engine, since my installation is less than two months old, very recently updated and other certificates signed by DigiCert or other authorities pose no problem.

Steps to reproduce this:
- install NixOS 23.11 stable with `services.xserver.desktopManager.gnome` enabled, which installs among other packages
  - `gnome.gnome-shell` "Core user interface for the GNOME 3 desktop" 45.1
  - `epiphany` "WebKit based web browser for GNOME" 45.1
- run "Web"
- try visiting "playstation.com" and get a certificate warning
- verify with any other https site that has a cert signed by a diffferent certificate authority, that certificates in general are working
- verify with any https site that has a cert signed by DigiCert specifically (like "duckduckgo.com") that DigiCert as a certificate authority is valid

I hope to find a resolution to this problem, as I really want to use Web and Tangram with playstation.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231210/917bb8cf/attachment-0001.htm>

More information about the webkit-unassigned mailing list