New issue
Advanced search Search tips

Issue 740659 link

Starred by 1 user
Status: Duplicate
Merged: issue 663971
Owner: ----
Closed: Jul 2017
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



Sign in to add a comment

certificate info vanished for https in omnibox

Reported by harschm...@gmail.com, Jul 10 2017 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36

Steps to reproduce the problem:
1. open https:// page 
2. try to check the certificate on lock symbol besides https
3. get a long menu of unrelated stuff
4. try "more information"
5. get a webpage, unrelated to the certificate, information seems to be some kind of "help"
6. give up on checking the certificate
7. browse unsecured, at least without knowing to whom the web site belongs

What is the expected behavior?
1. click lock
2. get certificate information

What went wrong?
Important information is hidden from the user. I remember you can also get this information in the debug tools somewhere, if you know how and search for it. Too far away. Drives me crazy since a while.

Did this work before? Yes 

Chrome version: 59.0.3071.109  Channel: n/a
OS Version: 59.0.3071.109 (Entwickler-Build) Built on Ubuntu , running on Ubuntu 16.04 (64-Bit)
Flash Version: -

Thanks for looking at it, please fix this issue. It is important to be able to look up the details of HTTPS connections, if your browser communicates to businesses.

Comment 1 by harschm...@gmail.com, Jul 10 2017 

This is impossible to communicate to users in support e.g. over phone.
Trains people to not take care.

Comment 2 by elawrence@chromium.org, Jul 10 2017

Mergedinto: 663971
Status: Duplicate (was: Unconfirmed)
This is Working as Intended. Developers can see the certificate information in the Developer Tools' Security panel. 

Training end users to manually examine certificates is generally not practical, necessary, or sufficient; the browser itself validates certificates are valid for the target origins.

Having said that, please see 
https://textslashplain.com/2017/05/02/inspecting-certificates-in-chrome/. Chrome 60 offers the option to restore the certificate link, and it's expected that this feature will be "on-by-default" for Chrome 62.
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 17 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment