263595 – SSL Blacklist Add-On on firefox prints a warning about insecure Ca-certificate (md5) on https://bugs.gentoo.org/

Bug 263595 - SSL Blacklist Add-On on firefox prints a warning about insecure Ca-certificate (md5) on https://bugs.gentoo.org/

Summary: SSL Blacklist Add-On on firefox prints a warning about insecure Ca-certificat...

Status:	RESOLVED DUPLICATE of bug 256437

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Bugzilla (show other bugs)
Hardware:	All Linux

Importance:	High critical
Assignee:	Bugzilla Admins

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-03-24 14:01 UTC by Matt
Modified:	2011-10-30 23:16 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt 2009-03-24 14:01:20 UTC

the SSL Blacklist Add-On on firefox warns about the ca-certificate https://bugs.gentoo.org uses being insecure

(see: http://blogs.zdnet.com/security/?p=2339)

(for a description of SSL Blacklist: http://www.codefromthe70s.org/sslblacklist.aspx)

Reproducible: Always



Expected Results:  
https://bugs.gentoo.org should at least have a sha1- or sha2-based ca-certificate and later if possible sha3

I marked this critical since it's a security problem and gentoo infrastructure has a high probability to be attacked/abused (subjective opinion)

thanks for your attention

Comment 1 Robin Johnson archtester

2009-03-25 00:54:00 UTC

Please search properly for bugs.

The blacklist is a !@#!@ piece of junk that doesn't recognize the different between the CA's certificate and the actual site's certificate.

Our site cert is SHA1, the CA is still on MD5. Read the original bug.

*** This bug has been marked as a duplicate of bug 256437 ***