Description of problem: uzbl cannot login to secure webs because it cannot find required certificates. [pavel@localhost ~]$ uzbl-browser No bp log location saved, using default. [000:000] Cpu: 6.37.5, x4, 2399Mhz, 3745MB [000:000] Computer model: Not available [000:000] Browser XEmbed support present: 1 [000:000] Browser toolkit is Gtk2. [000:009] Using Gtk2 toolkit No bp log location saved, using default. [000:000] Cpu: 6.37.5, x4, 2399Mhz, 3745MB [000:000] Computer model: Not available java version "1.7.0_45" OpenJDK Runtime Environment (mageia-2.4.4.2.mga4-x86_64 u45-b15) OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode) (uzbl-core:5631): libsoup-WARNING **: Could not set SSL credentials from '/etc/ssl/certs/ca-certificates.crt': Failed to open file «/etc/ssl/certs/ca-certificates.crt»: File doesn't exist Version-Release number of selected component (if applicable): 0.0-0.20120514.3.mga4 How reproducible: Every time I try to login to a secure web Steps to Reproduce: 1. Open uzbl-browser or uzbl-tabbed 2. Browse to a secure web with login, like this one 3. Try to login. Connection is rejected Reproducible: Steps to Reproduce:
Summary: uzbl cannot login to secure (https) webs => uzbl browser's ca-certificates.crt file is missing
well looks not maintained so also some security bugs could be present... http://svnweb.mageia.org/packages/updates/4/uzbl/current/SPECS/uzbl.spec?view=log
Keywords: (none) => TriagedAssignee: bugsquad => alexanderWhiteboard: (none) => todrop?
I here that the assigne left the project
Assignee: alexander => bugsquad
It should be patched to look for ca-bundle.crt and require rootcerts. But looking at the log, it definitely looks like it should be dropped.
There are also some alternatives. Luakit is one of them, or use already packaged surf with tabbed tool to make a tabbed and simple browser.
Discovered that there is a property in uzbl's config file (~/.config/uzbl/config) to especify certificates file, so setting it to /etc/ssl/certs/ca-bundle.crt solves this issue. It would be a good idea to at least provide a default config adapted to this path, but this bug should be closed.
Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer maintained, which means that it will not receive any further security or bug fix updates. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version. Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't able to fix it before Mageia 4's end of life. If you are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia. If it's valid in several versions, select the highest and add MGAxTOO in whiteboard for each other valid release. Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete. If you would like to help fixing bugs in the future, don't hesitate to join the packager team via our mentoring program [1] or join the teams that fit you most [2]. [1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager [2] http://www.mageia.org/contribute/
As announced over a month ago, Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer maintained, which means that it will not receive any further security or bug fix updates. This issue may have been fixed in a later Mageia release, so, if you still see it and didn't already do so: please upgrade to Mageia 5 (or, if you read this much later than this is written: make sure you run a currently maintained Mageia version) If you are able to reproduce it against a maintained version of Mageia, you are encouraged to 1. reopen this bug report, by changing the "Status" from "RESOLVED - OLD" to "REOPENED" 2. click on "Version" and change it against that version of Mageia. If you know it's valid in several versions, select the highest and add MGAxTOO in whiteboard for each other valid release. Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO. 3. give as much relevant information as possible. If you're not an experienced bug reporter and have some time: please read this page: https://wiki.mageia.org/en/How_to_report_a_bug_properly If you see a similar issue, but are _not_sure_ it is the same, with the same cause, then please file a new bug report and mention this one in it (please include the bug number, too). If you would like to help fixing bugs in the future, don't hesitate to join the packager team via our mentoring program [1] or join the teams that fit you most [2]. [1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager [2] http://www.mageia.org/contribute/
Status: NEW => RESOLVEDResolution: (none) => OLD
Surf doesn't seem to have the scripting capabilities of uzbl. Also, checking the uzbl git commit log, there don't seem to be any security problems. Surely, the biggest security issue is the old version of Webkit that Mageia ships. You can look through the news of Webkit releases since 2.4.10 and see how many security-related bugs have been fixed. Of course, that also affects surf and all other Webkit-based browsers.
CC: (none) => zooplah