View Certificate Buttons Broken (CA certificates)


#1

Win 7 Ent. 64bit
Brave: 0.13.1
rev: 9dd06f9463d155291efdb419ad0df4c2df16b611
Muon: 2.0.18
libchromiumcontent: 54.0.2840.100
V8: 5.4.500.41
Node.js: 7.0.0
Update Channel: dev
os.platform: win32
os.release: 6.1.7601
os.arch: x64

(This problem is mentioned in another topic or two, but not addressed as the core problem. Also, please note: this post refers to a specific situation, a U.S. Govt. worksite, but can also apply at any company site, and even at your ISP level.)

Brave has an extremely unwieldy procedure to view certificates, requiring clicks on View, Toggle Dev Tools, Security Tab, View Certificate. The last click fails to do anything. If you want more detail, you have to Reload the web page, which also allows no inspection of the certificate.
I work by day on a government computer that requires browser installation of a special certificate that allows the government to be “man in the middle.” The GRC “fingerprinting” tool allows me to confirm whether or not that cert is in place, and it certainly is. In fact, if users want to use Firefox, they have to install that cert themselves. (It is installed across the LAN for IE and Chrome.) Note that so far, there is no such requirement for iOS, but it’s coming. (I’ve also confirmed that indeed, iOS browsers are still using authentic certificates, not the govt. substitute. An excellent tool for iOS is Tao Xu’s Inspect – Extension ~, combined with GRC page.)
In any case, because the problem of interception/decryption via certificate replacement almost certainly applies to millions of users who haven’t a clue, I suggest that Brave developers elevate priority on fixing View Certificate buttons, and publicize the reason why. I would also like to see the GRC tool automated, and be part of the browser security indicator in the URL field. Thank you.

https://www.grc.com/fingerprints.htm


#2

CC @brian for investigation


#3

The thread for this in our issue tracking is here:
https://github.com/brave/browser-laptop/issues/2611 and it’s a priority for our 1.0. Please feel free to weigh in extra details though if it’s not covered there. Thanks!


#4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.