Issue metadata
Sign in to add a comment
|
Security panel doesn't show active mixed content bullet if the cert is invalid. |
||||||||||||||||||||||||
Issue descriptionChrome 50.0.2661.18 OSX 10.11.3 What steps will reproduce the problem? (1) Visit https://expired.badssl.com/mixed/script/ (2) Click through the interstitial. (3) Click on the mixed content shield and enable mixed scripts. (4) Refresh (5) Open DevTools to the Security panel. What is the expected output? What do you see instead? Only the certificate error is shown. It should also show a red X next to "Active Mixed Content" like at https://mixed-script.badssl.com/
,
Aug 6 2016
,
Aug 9 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c commit 6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c Author: estark <estark@chromium.org> Date: Tue Aug 09 02:17:29 2016 Mark active mixed content even if there is a certificate error Previously, SSLPolicy did not mark a navigation entry with RAN_INSECURE_CONTENT if the entry had already been downgraded to a broken state (from a certificate error, for example). I'm not sure why this was -- maybe just an optimization. However, it was incorrect, as manifested in the DevTools security panel, where a broken-HTTPS page with active mixed content would show up as a certificate error but all resources served securely. (See bug for a screenshot.) BUG= 593950 Review-Url: https://codereview.chromium.org/2224693002 Cr-Commit-Position: refs/heads/master@{#410524} [modify] https://crrev.com/6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c/chrome/browser/ssl/ssl_browser_tests.cc [modify] https://crrev.com/6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c/content/browser/ssl/ssl_policy.cc
,
Aug 9 2016
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by pfeldman@chromium.org
, Jul 29 2016Status: Assigned (was: Available)