Bug 349832 - Security error when
Summary: Security error when
Status: RESOLVED FIXED
Alias: None
Product: www.kde.org
Classification: Websites
Component: general (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: kde-www mailing-list
URL: https://www.commit-digest.org
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-02 17:18 UTC by Toni Asensi Esteve
Modified: 2015-08-03 18:20 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
First error message (71.84 KB, image/png)
2015-07-02 17:19 UTC, Toni Asensi Esteve 		Details
Error message, with more information (104.48 KB, image/png)
2015-07-02 17:20 UTC, Toni Asensi Esteve 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Toni Asensi Esteve 2015-07-02 17:18:09 UTC 
Users that go to https://www.commit-digest.org (like me when following the instructions sent by   
"KDE Commit-Digest" <no-reply@enzyme.commit-digest.org>) see a "Privacy error" page, saying that "attackers might be trying to steal your information from www.commit-digest.com (for example, passwords, messages, or credit cards)", and that the certificate has been invalid for 58 days .

I'll attach a screenshot. In Spanish the text was:

La conexión no es privada

Es posible que los piratas informáticos estén intentando robar tu información de www.commit-digest.org (por ejemplo, contraseñas, mensajes o tarjetas de crédito). NET::ERR_CERT_DATE_INVALID

Opciones avanzadas                              Volver para estar a salvo

Este servidor no ha podido probar que su dominio es www.commit-digest.org, su certificado de seguridad caducó hace 58 día(s). Este problema puede deberse a una configuración incorrecta o a que un atacante haya interceptado la conexión. La hora actual del reloj de tu ordenador es jueves, 2 de julio de 2015. ¿Es correcta? Si no lo es, debes corregir la hora del sistema y, a continuación, actualizar esta página.

Acceder a www.commit-digest.org (sitio no seguro)


Reproducible: Always
Comment 1 Toni Asensi Esteve 2015-07-02 17:19:32 UTC 
Created attachment 93460 [details]
First error message
Comment 2 Toni Asensi Esteve 2015-07-02 17:20:24 UTC 
Created attachment 93461 [details]
Error message, with more information
Comment 3 Albert Astals Cid 2015-07-02 23:22:03 UTC 
We do not maintain commit digest, please report at https://github.com/dannyakakong/Commit-Digest
Comment 4 Ben Cooksley 2015-07-13 08:45:33 UTC 
The site itself is hosted on KDE servers, so we're kind of responsible for this. Unfortunately Danny owns the domain and won't transfer it or set the whois details to a shared address, so getting certs renewed is very difficult...
Comment 5 Toni Asensi Esteve 2015-07-17 22:54:50 UTC 
While this problem is solved (the security error is still seen in www.commit-digest.org), as Ben Cooksley confirmed that this is a problem with certificates (and related factors) and not with the [source code](https://github.com/dannyakakong/Commit-Digest): this bug has been verified, are we to change its status to "verified"?
Comment 6 Toni Asensi Esteve 2015-08-03 18:20:47 UTC 
Nowadays the problem is solved, thank you all.