certificate manager misleads users into thinking they can delete built-in roots
Categories
(Core :: Security: PSM, defect, P3)
People
(Reporter: php4fan, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-backlog])
Attachments
(1 file)
5 years ago
(deleted),
image/png
Hi,
I couldn't reproduce with an expired certificate because I don't have one, but instead I reproduced with an active certificate.
Steps to reproduce:
- Go to Settings, search for "certificates", click "view certificates"
- Make sure the tab "Authorities" is selected
- Select an active certificate
- Click "Delete" button
- Confirm -> Note that certificate is not displayed in the list.
- Open a website (gmail)
- Go back to Settings > View Certificates > "Authorities" tab
Actual results:
Deleted certificate is displayed in the list
Expected results:
Certificate should be deleted.
Hello,
Are you sure the certificate that you are deleting is one that can actually be deleted?
In my case I'm talking about user certificates (i.e. Your Certificates), which of course one should be able to delete.
I remember a different bug about Authority certificates that you are not supposed to be able to delete. In that case, the issue was that the interface would allow you to delete them, and they would disappear from the list as you describe, while the expected behavior would be an error message or not having the option to delete in the first place.
I ask just to make sure that you are not observing that issue which is a different one.
Comment 2•5 years ago
For built-in roots, you need to edit the trust and remove the trust bits rather than delete them, as they aren't actually stored in the database (and aren't thus deletable). The UX is not great and deserves attention.