WTF. is telling me my clock is ahead and needs to be corrected (wrong), rather than that the site's certificate is invalid.
Conversation
This is a standard Chromium feature but maybe they changed it to using an HTTPS server not providing a reliable time. IIRC, it's permitted to return a randomized value in the time value, so you really need to use a server that's explicitly going to keep supporting giving time.
1
1
Why would they trust the server's reported time over yours? This seems like a very broken attitude towards authority/trust.
1
1
You're misunderstanding what I'm saying. I'm not talking about the server you're connecting to but rather a server (or multiple) for sanity checking the local system time. Essentially, a time server, but with the time fetched via TLS.
The most common source of HTTPS errors in Chrome was determined to be an out of sync local clock, so when it encounters a certificate with an invalid date (expired or issued in the future), it has support for sanity checking the local system time via TLS to provide a notice.
1
1
Brave might have changed the domain from a Google server to one that didn't offer a strong guarantee of providing a correct TLS handshake time value. The server they used might have ended up having the wrong time, or it might randomize the field, which I think became permitted.
1
1
Show replies