Closed Bug 1684796 Opened 4 years ago Closed 4 years ago

Add support for self-signed certificate DANE override.

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Version:
78 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1077323

People

(Reporter: u677327, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Vist a website that uses a self-signed certificate.

Actual results:

A warning is shown and an exception is allowed if the site is not using HSTS.

Expected results:

DANE should be used to check if the certificate is valid when it's not signed by a CA and it should treat the website as if it were signed by a CA if the DANE record matches, even if it uses HSTS.

DANE should be treated as a more trusted authority than a CA.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.