New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Android] CRLSets should be enabled by default #8553

Open

jumde opened this issue Mar 5, 2020 · 0 comments

Labels

OS/Android priority/P2 security

Contributor

jumde commented Mar 5, 2020

Description

CRLSets protects against revoked certificates. This component is not installed by default on android-core

Steps to reproduce

Navigate to brave://components, the version is 0.0.0.0
Navigate to https://revoked.badssl.com/

Actual result

No certificate error

Expected result

Certificate Error

Issue reproduces how often

Easily

Issue happens on

Current Play Store version?
Beta build? Yes

Device details

Install type (ARM, x86): arm
Device (Phone, Tablet, Phablet): Pixel 2
Android version: 10

Brave version

1.5.105

Website problems only

Does the issue resolve itself when disabling Brave Shields?
Does the issue resolve itself when disabling Brave Rewards?
Is the issue reproducible on the latest version of Chrome?

Additional information

jumde added OS/Android security labels

diracdeltas added the priority/P2 label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

You can’t perform that action at this time.