[brlcad-tracker] [ brlcad-Bugs-3334234 ] web signup form won't display J/S captcha b/c bad SSL cert
Open Source Solid Modeling CAD
Brought to you by:
brlcad
From: SourceForge.net <no...@so...> - 2011-06-26 12:35:21
|
Bugs item #3334234, was opened at 2011-06-26 12:35 Message generated for change (Tracker Item Submitted) made by herrold You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=640802&aid=3334234&group_id=105292 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: R P Herrold (herrold) Assigned to: Nobody/Anonymous (nobody) Summary: web signup form won't display J/S captcha b/c bad SSL cert Initial Comment: The BRL-CAD web signup form won't display a JavaScript based captcha because of a bad SSL certificate under current Firefox Sign up form is at: http://brlcad.org/d/user/register Under Firefox on CentOS 5, updated to current, the captcha needed to sign up for the project is not displayed, because the SSL certificate used in the javascript redirect into Google's captcha is not known to the trusted CA issuer cache of Firefox. The HTML to generate captcha is to be obtailed and rendered via Javascript, but Firefox will not load such background Javascript content, because of the XSS class of exploits found in the wild, presently ... when the certificate is bad, this current versikon of Firefox properly declines to participate in a potential forgery As such, I cannot see, and thus answer this gateway question Firefox details: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rev:1.9.2.18) Gecko/20110622 CentOS/3.6-1.el5.centos Firefox/3.6.18 This is disabling in that it blocks the signup process screenshot attacked In coming to the defective page, I followed the following click path http://brlcad.org/ then click Log In / Create Account in teh upper right http://brlcad.org/d/user/login?destination=node then select LEFT Create Account folder tab http://brlcad.org/d/user/register ... which lacks a valid SSL certificate Captcha ... Such 'official' SSL certificates are ** free ** from Certificate Authority registrar entities such as StartSSL (and are recognised by the Mozilla Foundation as trusted under their formal review and CA inclusion process, and so flow into FireFox and other browsers), so there is really no reason for this problem to exist -- Russ herrold ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=640802&aid=3334234&group_id=105292 |