Closed
Bug 759010
Opened 12 years ago
Closed 12 years ago
providers from origins with invalid, expired or missing certificates still get installed.
Categories
(Firefox Graveyard :: SocialAPI, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: markh, Assigned: markh)
Details
Attachments
(1 file)
2.63 KB,
patch
|
mixedpuppy
:
review+
|
Details | Diff | Splinter Review |
They are silently installed - at a minimum they should only be installed after a scary warning. self-signed certs are another interesting case, but maybe that is different enough it should be in a new bug (or just allowed?) This is tested in browser_registry.js and currently marked as a "known failure".
Comment 1•12 years ago
|
||
My suggestion for now is to silently reject any manifest on a domain where the cert fails, include a bypass with the social.provider.devmode preference so we can test with our presumably self-signed mochitest server. We should then revisit this to see if it is worth having UX to deal with this. mcoates: what do you think?
Severity: normal → major
Assignee | ||
Comment 2•12 years ago
|
||
A patch that makes the tests work. The mochi server seems to have a real cert (or manages to pretend it does) so the devmode pref doesn't seem necessary at the moment.
Assignee: nobody → mhammond
Attachment #627831 -
Flags: review?(mixedpuppy)
Comment 3•12 years ago
|
||
Comment on attachment 627831 [details] [diff] [review] Check the SSL status of the manifest host still would like to be able to pref this off for development
Attachment #627831 -
Flags: review?(mixedpuppy) → review+
Assignee | ||
Comment 4•12 years ago
|
||
Fixed in git as [develop a3a0bcc]
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•