[foaf-protocols] working on the logout problem

Henry Story henry.story at bblfish.net
Thu Sep 2 14:15:39 CEST 2010


Duh! I forgot to give you the URL for the code: http://github.com/bblfish/TLS_test

There is really only just one class that starts the server and deals with incoming requests.

http://github.com/bblfish/TLS_test/blob/master/src/main/java/net/bblfish/test/SSLTestServer.java

Prof. Chadwick pointed out to me that 

> Yes there are a set of standard error messages that can be sent (by either the browser or the server). These include
> 
>            bad_certificate(42),
>            unsupported_certificate(43),
>            certificate_revoked(44),
>            certificate_expired(45),
>            certificate_unknown(46),

I suppose that this is exactly what throwing those exceptions in Java generates. You can choose which exception you wish the server to throw at the next connection (after the session has been closed) by selecting it on the resulting form.

  I think we can use this to generate clear bug reports to the browser makers with a test case. Please let me know what results you get on browsers on your OS, or of course if there are bugs in the code, improvements that could be made, etc...

   Henry

On 1 Sep 2010, at 18:41, Henry Story wrote:

> Hi,
> 
> I have put together a little github java project to help us explore the logout problem. We can use this to file bug reports to the browser vendors. This is just a first attempt to explore the space with a minimal jetty browser. The README explains how it works.
> 
> What I have found so far could be useful:
>  - Chromium and Safari on OSX can be gotten to ask for a new certificate
>  - Firefox and Opera cannot. Even if the server tells them the certificate is broken (I think that is what is being done by throwing the exception) those browser send the same certificate. That is clearly an error, as even normal clients may choose by mistake an invalid certificate.
> 
>    But perhaps there are other tools we should be using. Any ideas? Looking for SSL Experts to help out here :-)
> 
> 	Henry



More information about the foaf-protocols mailing list