Cyberduck Mountain Duck CLI

#6603 closed defect (fixed)

Trust exception for expired certificates not persisted

Reported by: stipers Owned by: yla
Priority: low Milestone: 4.3
Component: core Version: 4.2.1
Severity: normal Keywords: certificate expiry trust
Cc: Architecture:
Platform: Windows XP

Description

STEPS:

  • Create a WebDAV server using SSL with self-signed certificate.
  • Connect to the server using Cyberduck.
  • Cyberduck will complain about the self-signed certificate. Say it is OK, and tick the box to store this exception.

This is all good. Problems can arise though if you come back some time later and your self-signed certificate has expired.

When trying to connect now, with the expired certificate, Cyberduck will pop-up a message saying "This certificate is not valid." So first feature request arising is: It would be more helpful if, when the certificate is expired, it said, "This certificate has expired."

Also at this point you will get the option to connect anyway, and Cyberduck gives you a tick box to "Always trust." This is unhelpful in this context, because there is no 'always trust' effective option here - you can tick 'always trust' as much as you like and it will make no difference - Cyberduck will not let you always trust an expired certificate. (I wonder if this is what may be behind what some of the respondents were experiencing with issues #87 and #2938 - it had me going for a while.)

So second feature request arising is: In those cases where it is not possible to store an exception for that certificate (e.g. where the certificate has expired, as above), it would be best if the "Always trust" option was not offered (not there, or disabled).

Thank you!

Change History (5)

comment:1 follow-up: Changed on Mar 27, 2012 at 10:08:53 AM by dkocher

  • Summary changed from Better handling for expired certificates to Trust exception for expired certificates not persisted

What version of OS X are you running? The Always Trust feature is expected to work for expired certificates.

comment:2 in reply to: ↑ 1 Changed on Mar 27, 2012 at 12:35:58 PM by stipers

Replying to dkocher:

What version of OS X are you running? The Always Trust feature is expected to work for expired certificates.

Sorry, should have included that. Windows XP Pro SP3.

comment:3 Changed on Mar 27, 2012 at 1:02:24 PM by dkocher

  • Platform set to Windows XP

comment:4 Changed on Dec 19, 2012 at 12:50:32 PM by dkocher

  • Milestone set to 4.2.2
  • Owner set to yla
  • Type changed from enhancement to defect

comment:5 Changed on Dec 26, 2012 at 12:01:15 PM by yla

  • Resolution set to fixed
  • Status changed from new to closed

In r10721.

Note: See TracTickets for help on using tickets.
swiss made software