Closed Bug 240496 Opened 21 years ago Closed 21 years ago

[FIXr]Signed jar file on https site shows as unsecured/unverified

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.7final

People

(Reporter: bryan, Assigned: bzbarsky)

References

(
URL
)

Details

(Keywords: fixed1.7)

Attachments

(1 file, 2 obsolete files)

With that change
5.08 KB, patch
asa
: approval1.7+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316 A signed jar file served from an https site does not show the padlock icon in the locked position and the Page Info "Security" tab indicates the connextion is no secured. Reproducible: Always Steps to Reproduce: 1. Open URL 2. The jar file will display a Hello World alert 3: Click on the padlock icon to view the security page info. Actual Results: Web Site Identity Not Verified -- Connection Not Encrypted Expected Results: Web Site Identity Verified -- Connection Encripted...
So are we keying off the URL scheme somewhere instead of keying off the nsIPrincipal?
Confirming. At first blush, the problem is: 464 nsJARChannel::GetSecurityInfo(nsISupports **aSecurityInfo) 465 { 466 *aSecurityInfo = nsnull; 467 return NS_OK; 468 } We probably need to keep around the security info from the load in nsJAR or something... I'm not familiar with how that part of the code works, really... anyone know enough to quickly do this?
Status: UNCONFIRMED → NEW
Ever confirmed: true
not off hand..
Attached patch Patch (obsolete) — Splinter Review
Wasn't too bad after all, since we don't use the jar cache here....
Attachment #146541 - Flags: superreview?(darin)
Attachment #146541 - Flags: review?(darin)
Comment on attachment 146541 [details] [diff] [review] Patch looks good, except i would forward the "context" parameter from OnStopRequest as well as the request. i think you can change your XXXbz to a NOTE that says that we indeed do not need to worry about mSecurityInfo in that case b/c that case applies to any URI that doesn't need to be downloaded in order to provide the resource as a nsIFile. r+sr=darin with that change.
Attachment #146541 - Flags: superreview?(darin)
Attachment #146541 - Flags: superreview+
Attachment #146541 - Flags: review?(darin)
Attachment #146541 - Flags: review+
Attached patch With those changes (obsolete) — Splinter Review
Attachment #146541 - Attachment is obsolete: true
Comment on attachment 146549 [details] [diff] [review] With those changes Could you give this a once-over?
Attachment #146549 - Flags: review?(darin)
Comment on attachment 146549 [details] [diff] [review] With those changes >+ if (channel) { >+ channel->GetSecurityInfo(getter_AddRefs(mSecurityInfo)); >+ } prevailing style in this file is no brackets when not needed. r=darin
Attachment #146549 - Flags: review?(darin) → review+
Attached patch With that changeSplinter Review
Assignee: darin → bzbarsky
Attachment #146549 - Attachment is obsolete: true
Status: NEW → ASSIGNED
OS: Windows 2000 → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.7final
Comment on attachment 146690 [details] [diff] [review] With that change Checked in on the trunk. I think we should take this on the 1.7 branch...
Attachment #146690 - Flags: approval1.7?
Summary: Signed jar file on https site shows as unsecured/unverified → [FIXr]Signed jar file on https site shows as unsecured/unverified
Comment on attachment 146690 [details] [diff] [review] With that change a=asa (on behalf of drivers) for checkin to 1.7
Attachment #146690 - Flags: approval1.7? → approval1.7+
Checked in on the branch.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Keywords: fixed1.7
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: