No more SSL cert details?
Aerya last edited by Aerya
I use Vivaldi-snapshot 1.7.735.11-1 (Archlinux) and I'm looking for the SSL cert details we had, and I still have with Chromium btw, by clicking the padlock icon / Details.
Now I got a Google page (really useless one), but no more real and useful info about the current cert.
Any suggestion anyone?
New Snapshots may have bugs.
Yes, it is missing on all OS. Chrome 56 had removes this link, too! I dont kno why.
And Vivaldi herited from new chromium/56 code. The Vivaldi devs will fix this later.
In meantime open Developer tools, select tab Security and Hit View Certificate.
Aerya last edited by
Thank you @Gwen-Dragon
With new 1.11.901.3 Snapshot you can activate a link to these details.
Open vivaldi://flags/#show-cert-link and activate it.
Chas4 last edited by
I do hope it get reversed in Chromium as it can be a security issue (easy for a attacker to use a certificate they have and make a phishing site look like the real one (many people are badly taught to look for the padlock or https to see if a site is secured).
A few weeks ago I reported Apple & others an Apple phishing site that had a valid certificate. The end user sees a padlock and it shows as valid (the average user is not going to go dig in Developer tools then the Security tab and then Hit View Certificate).
The link (in lock popup) is back as enabled by default in Chromium 65 code.
Vivaldi may get it in next Stable.
@chas4 But really, a security issue?
No regular user can check if a certificate is really ok.
Valid is a nice hint. But not really trustable that the site behind the certificate is the same we wanted.
Chas4 last edited by
@gwen-dragon Good to know, I still like the way Opera (Presto based) showed the cert information (tho having it on the padlock icon is nice vs site preferences).
It is a security issue with hiding it as many recent attacks are using idn homograph attacks (characters look the same or similar to end users) https://blog.malwarebytes.com/101/2017/10/out-of-character-homograph-attacks-explained/
Some letters that look nearly identical, one common example in English is I and l (those are 2 different letters there but they look the same).
are using idn homograph attacks
Sorry, you are not really right – the mentioned homograph attack with idn is not working on Vivaldi. Punycode is not shown as regular characters!
But wait! Someone could make a cert for https://аmаzon.de/ (cyrillic a instead of ASCII a in it!) – you are right! But the URL shows up in Vivaldi as as
Nice background of old problem: http://www.cs.technion.ac.il/~gabr/papers/homograph.html