os-x apple new browser Safari & squeakland broken..
Nevin Pratt
nevin at smalltalkpro.com
Wed Jan 8 00:22:06 UTC 2003
John M McIntosh wrote:
> Could not open the page
> “https://bountifulbaby.com/secure/checkout.ssp” because Safari could
> not establish a secure connection to the server “bountifulbaby.com”.
> Safari cannot verify the certificate used to check the identity of
> the website’s owner.
>
Thanks, John. In my opinion, Safari is broken. To completely reject a
page because the certificate signer isn't in the browser's internal
"Root CA" pool is just bogus.
As data points, the following browsers do the following things:
1. Mozilla on FreeBSD:
Responds similarly to Internet Explorer on Windows. Specifically, it
responds that "The certificate was issued by a certificate authority
that Mozilla does not recognize". It then gives you the opportunity to
view the certificate, and gives you the choice of whether to establish a
secure SSL session (i.e., "Continue") or not (i.e., "Cancel"). In my
opinion, this is the most rational way to handle it.
2. Internet Explorer shipped with Windows XP Pro:
Like Mozilla on FreeBSD. Warns you that the certificate signer is
not a known authority, but gives you a choice whether or not to accept
the certificate and establish a secure SSL session.
3. NetScape 7.01 on RedHat Linux 8.0:
Silently estables a secure connection using the certificate (this is
good for my wife's site, but a bad approach for the consumer)
4. Internet Explorer 5.1 on Mac:
Complains about not knowing the certicate signer, and utterly refuses
to establish a secure connection, but otherwise allows you to continue
(unsecurely) if you desire it. This is a bogus way for the browser to
handle it.
5. Safari on Mac:
Complains bitterly and utterly refuses to go forward.
Nevin
More information about the Squeak-dev
mailing list
|