Issue metadata
Sign in to add a comment
|
When the certificate supplied by a webserver changes, the old security status, certificate and certificate path are still shown in open tabs
Reported by
burnc...@gmail.com,
Jan 17 2018
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Steps to reproduce the problem: 1. Connect to webserver with "insecure" certificate path (e.g. sha 1). Note the strike-through https text. 2. Change the certificate on the server to an "acceptable" one. 3. Verify from separate system that the certificate is acceptable and the "<padlock> Secure" is displayed. 4. Refresh browser. Note that the strike-through https is still shown and that the old certificate and path are displayed when "view certificate" is chosen. What is the expected behavior? The secure status should be updated. One would assume that the connection to the webserver needs to redo a full SSL handshake. What went wrong? Is it being cached for open tabs? Is this a security issue? What happens when "downgrading" security? Did this work before? N/A Chrome version: 63.0.3239.132 Channel: stable OS Version: 10.0 Flash Version:
,
Jan 18 2018
burnce75@ - Thanks for filing the issue...!! Could you please provide a sample test file/url to test the issue from TE-end. This will help us in triaging the issue further. Thanks...!!
,
Jan 18 2018
This is working as intended. We reflect status from the cache that may affect the load. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by krajshree@chromium.org
, Jan 17 2018