Issue metadata
Sign in to add a comment
|
No SSL certificate warning is shown for expired certificates when downloading a file
Reported by
opitz.be...@gmail.com,
Feb 11 2018
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Steps to reproduce the problem: 1. Go to a site (with a valid SSL certificate) that links to downloads on an https-URL for which the certificate has expired, e.g. https://download.lineageos.org/extras links to https://mirrorbits.lineageos.org/su/addonsu-14.1-arm-signed.zip At the time of filing this issue, the mirrorbits certificate has expired. 2. Click a download link, e.g. the link for addonsu-14.1-arm-signed.zip 3. The file downloads without showing a warning. 4. If you had copied the link in step 2 and then manually opened it in a new tab, a security warning (NET::ERR_CERT_DATE_INVALID -> "Your connection is not private) would have been shown. What is the expected behavior? I would expect a security warning to be shown that prevents the download via an insecure connection. What went wrong? The download successfully completed via an insecure connection without a warning or prompt being shown. Did this work before? N/A Chrome version: 66.0.3342.0 (Official Build) (64-bit) Channel: n/a OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: 23.0.0.162
,
Feb 11 2018
Ok, that makes sense. Sorry for the wrong bug report then, I tried to check what you commented before reporting but must not have looked properly.
,
Feb 11 2018
No worries, it took me a few minutes to notice too. :)
,
May 21 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Feb 11 2018Status: WontFix (was: Unconfirmed)