From owner-freebsd-chromium@FreeBSD.ORG Sun Jan 6 04:10:17 2013 Return-Path: Delivered-To: freebsd-chromium@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 603DD944 for ; Sun, 6 Jan 2013 04:10:17 +0000 (UTC) (envelope-from fbsd@opal.com) Received: from mho-02-ewr.mailhop.org (mho-04-ewr.mailhop.org [204.13.248.74]) by mx1.freebsd.org (Postfix) with ESMTP id 2B45214E for ; Sun, 6 Jan 2013 04:10:16 +0000 (UTC) Received: from pool-151-203-201-84.bos.east.verizon.net ([151.203.201.84] helo=homobox.opal.com) by mho-02-ewr.mailhop.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1TrhYo-000EWD-Ez; Sun, 06 Jan 2013 04:10:10 +0000 Received: from shibato (shibato.opal.com [IPv6:2001:470:8cb8:4:221:63ff:fe5a:c9a7]) (authenticated bits=0) by homobox.opal.com (8.14.4/8.14.4) with ESMTP id r064A6Ph021995 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Sat, 5 Jan 2013 23:10:06 -0500 (EST) (envelope-from fbsd@opal.com) X-Mail-Handler: Dyn Standard SMTP by Dyn X-Originating-IP: 151.203.201.84 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/sendlabs/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX18JVi8t8uhuyaMeTioYVKFu Date: Sat, 5 Jan 2013 23:10:06 -0500 From: "J.R. Oldroyd" To: Yuri Subject: Re: Why "Delete" button in "Certificate manager" is disables? Why certificates are prefilled? Message-ID: <20130105231006.66dddb9d@shibato> In-Reply-To: <50E8F068.3070008@rawbw.com> References: <50E7882A.1030302@rawbw.com> <20130104221348.34923f5a@shibato> <50E7D85F.4080006@rawbw.com> <20130105124513.29173323@shibato> <50E8F068.3070008@rawbw.com> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.6; amd64-portbld-freebsd9.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (homobox.opal.com [IPv6:2001:470:8cb8:4::1]); Sat, 05 Jan 2013 23:10:07 -0500 (EST) X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, RP_MATCHES_RCVD shortcircuit=no autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on homobox.opal.com Cc: freebsd-chromium@freebsd.org X-BeenThere: freebsd-chromium@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: FreeBSD-specific Chromium issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jan 2013 04:10:17 -0000 On Sat, 05 Jan 2013 19:32:56 -0800 Yuri wrote: > > Ok, so there are two certificates in hierarchy for google.com: > Verisign on top and Thawte on the bottom. > I disabled Thawte. Shouldn't chrome say now that google.com is > verified by Verisign? > Currently it says: "The identity of this website has been verified by > Thawte SGC CA." > But Thawte certificate is disabled on my system! > I don't know how can people trust that chrome does the right thing > when disabled certificate is used for identity verification. > > Yuri Thawte has been a division of Verisign for a long time now. What you are seeing is a discrepancy between the descriptive texts used for the cert by the signing authority and chrome's built-in cert list. Don't go on the textual descriptions of the authorities. The fact that it shows "Thawte SCG CA" but that this is not one of the authorities listed under the Thawte entries in chrome's cert manager should give you a clue you are disabling the wrong certs. Use the certificates' serial numbers to figure out which authority to enable/disable. -jr