Re: Security bounties on Web bugs

[Ekaterina Gerasimova <kittykat3756 gmail com>]

On 22/02/2015, Michael Catanzaro <mcatanzaro igalia com> wrote:
> On Sat, Feb 21, 2015 at 7:23 PM, Michael Heyns
> <mike bean heyns gmail com> wrote:
> > Hi Michael,
> >
> > Are you saying Epiphany has no plans to implement support for
> > untrusted/self-signed certificates?
> >
> > This is one of the main reasons we had to pull Epiphany from
> > workstations.
> >
> > Thanks a bunch,
> > Mike.
> Hi Mike,
>
> Kind of. If you don't want to see the security warning when visiting a
> site with an untrusted certificate, you should add the certificate to
> your operating system's trust store, then Epiphany will trust it like
> any other. Something like this should work (untested):
>
> $ sudo trust anchor /path/to/certificate.crt
>
> Now, to be clear, I do think we need UI to make doing that easy: users
> should not have to drop to the command line to trust a certificate in
> 2015. But I would rather see that work done in Seahorse, not Epiphany.
> Seahorse already has UI for certificate management, it just doesn't
> seem to work. Who knows, it might even be simple to fix (not sure).
>
> In any case, if you're running a managed/corporate environment,
> installing a certificate manually should not be any problem for you,
> and if you're not running a managed environment, you should not need to
> and should really think twice before doing so. That's why I haven't
> prioritized this issue. So as long as we're talking about reasons not
> to use Epiphany, that's not one I would pick. :)

There are two issues with this: firstly epiphany would depend on
seahorse and the second is that seahorse needs a lot more love than
it's been getting for a while.

I'm not sure how possible it is, but if seahorse is used, it would
still be best if the certificates could be added without leaving
epiphany.