RESOLVED INVALID 105701
Safari 6.02 cannot determine state of certificate chain with an untrusted root 
https://bugs.webkit.org/show_bug.cgi?id=105701
Summary Safari 6.02 cannot determine state of certificate chain with an untrusted root
Jeffrey Walton
Reported 2012-12-23 18:43:27 PST
This applies to a late 2012 MacBook Pro running OS X 10.8.x (fully patched): $ uname -a Darwin riemann.home.pvt 12.2.0 Darwin Kernel Version 12.2.0: Sat Aug 25 00:48:52 PDT 2012; root:xnu-2050.18.24~1/RELEASE_X86_64 x86_64 Safari version is 6.0.2 (8536.26.17). I don't see how to get the underlying version of WebKit. When I revoked trust on some Valicert certificates, I had problems visiting OWASP. Unfortunately, Safari did not display Valicert in the chain, and Safari displayed the chain as good even though it prompted me that "Safari cannot determine the identity of the site www.owasp.org. A full description with screen captures (including a truncated OpenSSL s_client fetch) is available at http://serverfault.com/questions/460527/apple-valicert-godaddy-safari-webkit-and-certificate-trust.
Attachments
Add attachment proposed patch, testcase, etc.
Jeffrey Walton
Comment 1 2012-12-23 19:49:59 PST
My apologies for not moving the images to WebKit.org. Its easier to understand the narrative with inline pictures. In this respect, Stack Exchange provides a very good quorum.
Alexey Proskuryakov
Comment 2 2013-01-02 10:21:27 PST
<rdar://problem/12944691>
David Kilzer (:ddkilzer)
Comment 3 2013-02-20 14:47:09 PST
Moving to RESOLVED/INVALID since this doesn't appear to be an issue with WebKit. The issue will be tracked by <rdar://problem/12944691> going forward.
Note You need to log in before you can comment on or make changes to this bug.