From owner-freebsd-chromium@FreeBSD.ORG Sat Jan 5 17:45:25 2013 Return-Path: Delivered-To: freebsd-chromium@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 4369F6A8 for ; Sat, 5 Jan 2013 17:45:25 +0000 (UTC) (envelope-from fbsd@opal.com) Received: from mho-01-ewr.mailhop.org (mho-03-ewr.mailhop.org [204.13.248.66]) by mx1.freebsd.org (Postfix) with ESMTP id 10124907 for ; Sat, 5 Jan 2013 17:45:24 +0000 (UTC) Received: from pool-151-203-201-84.bos.east.verizon.net ([151.203.201.84] helo=homobox.opal.com) by mho-01-ewr.mailhop.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1TrXo6-0006RV-9i; Sat, 05 Jan 2013 17:45:18 +0000 Received: from shibato (shibato.opal.com [IPv6:2001:470:8cb8:4:221:63ff:fe5a:c9a7]) (authenticated bits=0) by homobox.opal.com (8.14.4/8.14.4) with ESMTP id r05HjEK1017122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Sat, 5 Jan 2013 12:45:15 -0500 (EST) (envelope-from fbsd@opal.com) X-Mail-Handler: Dyn Standard SMTP by Dyn X-Originating-IP: 151.203.201.84 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/sendlabs/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX1/vIPVTpzyM3u3IvWtjREEK Date: Sat, 5 Jan 2013 12:45:13 -0500 From: "J.R. Oldroyd" To: Yuri Subject: Re: Why "Delete" button in "Certificate manager" is disables? Why certificates are prefilled? Message-ID: <20130105124513.29173323@shibato> In-Reply-To: <50E7D85F.4080006@rawbw.com> References: <50E7882A.1030302@rawbw.com> <20130104221348.34923f5a@shibato> <50E7D85F.4080006@rawbw.com> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.6; amd64-portbld-freebsd9.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (homobox.opal.com [IPv6:2001:470:8cb8:4::1]); Sat, 05 Jan 2013 12:45:15 -0500 (EST) X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, RP_MATCHES_RCVD shortcircuit=no autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on homobox.opal.com Cc: freebsd-chromium@freebsd.org X-BeenThere: freebsd-chromium@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: FreeBSD-specific Chromium issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 17:45:25 -0000 On Fri, 04 Jan 2013 23:38:07 -0800 Yuri wrote: > On 01/04/2013 19:13, J.R. Oldroyd wrote: > > For certificates that were distributed with the browser, you can > > click the "Edit" button and disable the three Trust boxes which > > essentially turns off the certificate. > > For the matter of testing, I disabled all Thawte* certificates. > And https://google.com still shows without a problem and says that > its identity is verified by Thawte SGC CA. > > Yuri The certificate hierarchy for the google.com certificate shows that it is signed by the two "Verisign Class 3 Public Primary Certification Authority" certificates. If you uncheck the box for "Trust for verifying web sites" for these two certificates, then reload the https://google.com page, the browser is no longer able to verify the certificate. -jr