Closed
Bug 91466
Opened 23 years ago
Closed 23 years ago
Unknown CA alert is horked
Categories
(Core Graveyard :: Security: UI, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.1
People
(Reporter: mpt, Assigned: hwaara)
References
()
Details
(Keywords: regression, Whiteboard: approved for 0.9.3 [ckritzer])
Attachments
(8 files, 1 obsolete file)
|
7.76 KB,
image/gif
|
Details | |
|
4.95 KB,
image/gif
|
Details | |
|
7.90 KB,
patch
|
Details | Diff | Splinter Review | |
|
4.89 KB,
image/gif
|
Details | |
|
8.08 KB,
patch
|
Details | Diff | Splinter Review | |
|
7.99 KB,
patch
|
Details | Diff | Splinter Review | |
|
7.98 KB,
patch
|
Details | Diff | Splinter Review | |
|
8.01 KB,
patch
|
Details | Diff | Splinter Review |
Before (Erh, attach as GIF this time)
Build: 2001071804, Mac OS 9.1
To reproduce:
1. Go to an URL which uses a secure certificate for which Mozilla does not
recognize the CA.
What you see:
+-----------------------------------------------------+
|::::::::::::: Security Error: Unknown CA ::::::::::::|
+-----------------------------------------------------+
| "monitor.inter-touch.net" is a web site that uses a |
| security certificate to identify itself. However, |
| Mozilla does not recognize the Certificate |
| Authority that issued this certificate. |
| |
| Although the Certificate Authority is unrecognized, |
| you can choose to explicitly accept the certificate |
| used by this web site. |
| |
| Before accepting this certificate, you should |
| examine this site's certificate carefully. |
| |
| Are you willing to accept this certificate for the |
| purpose of identifying the web site |
| "monitor.inter-touch.net"? |
| |
| ( ) Accept this certificate permanently |
| (*) Accept this certificate temporarily for this |
| session |
| ( ) Do not accept this certificate and do not |
| connect to this web site |
| ( View Certificate ) |
| |
| ( OK ) ( Cancel ) ( Help ) |
| |
| |
| |
| |
| |
+-----------------------------------------------------+
What was expected:
* An alert which looks like an alert, i.e. one which uses the /!\ icon and
does not have a title.
* Text short enough for people to bother reading, instead of coming to the
counter and asking me for help.
* Buttons, not radio buttons, used for commands.
* `OK' and `Cancel' buttons in the correct order and in the right corner of
the alert.
* Only 12 pixels space between the bottom of the `Cancel' button and the
bottom of the alert, not 40 pixels (see also bug 85809).
What you should see:
+-----------------------------------------------------+
|:::::::::::::::::::::::::::::::::::::::::::::::::::::|
+-----------------------------------------------------+
| . There is a problem with the security |
| /!\ certificate for "monitor.inter-touch.net". |
| """ Do you want to continue? |
| |
| (X) The certificate was issued by a |
| Certificate Authority which Mozilla does |
| not recognize. |
| |
| ( View _Certificate ) |
| |
| [ ] Remember this decision for _all |
| certificates from www.inter-touch.net |
| |
| [?] ( Cancel ) (( Continue )) |
+-----------------------------------------------------+personally i'd like a [ ] Remember this decision for all certificates with this _problem
|
Reporter | |
Comment 2•23 years ago
|
||
If that checkbox was a good idea, we shouldn't be putting up this alert at all in the first place.
|
Assignee | |
Comment 3•23 years ago
|
||
Note to bug owner: I am trying to fix this...
|
||
Comment 4•23 years ago
|
||
In which case, you can have it :-) If you stop working on it, assign it back to me. Gerv
Assignee: gervase.markham → hwaara
|
|
Assignee | |
Comment 5•23 years ago
|
||
Here is the new spec I and mpt came up with during an IRC session (some tradeoffs made, but overall, it's as good as the previous one IMHO): +-----------------------------------------------------+ |:::::::::::::::::::::::::::::::::::::::::::::::::::::| +-----------------------------------------------------+ | . There is a problem with the security | | /!\ certificate for "monitor.inter-touch.net". | | """ Do you want to continue? | | | | The certificate was issued by a | | Certificate Authority which Mozilla does | | not recognize. | | | | ( View _Certificate ) | | | | [ ] Always accept this certificate | | | | ( Help ) ( Cancel ) (( Continue )) | +-----------------------------------------------------+ I'm working hard on implementing every detail. It'll look gorgeous once it's finished!
|
||
Updated•23 years ago
|
Priority: -- → P2
Target Milestone: --- → 2.1
Version: unspecified → 2.0
|
|
Assignee | |
Comment 7•23 years ago
|
||
|
|
Assignee | |
Comment 8•23 years ago
|
||
|
|
Assignee | |
Comment 9•23 years ago
|
||
|
|
Assignee | |
Comment 10•23 years ago
|
||
|
||
Comment 11•23 years ago
|
||
I don't like 'always accept this certificate'
|
|
Reporter | |
Comment 12•23 years ago
|
||
Nor do I, now I think about it some more. (As opposed to ... Remember this certificate 50 % of the time?) Try: [ ] Remember this certificate permanently The Cancel/Continue button order is wrong on Windows, that probably needs to be fixed before this can be checked in.
|
|
Assignee | |
Comment 13•23 years ago
|
||
|
|
Assignee | |
Comment 14•23 years ago
|
||
|
|
Assignee | |
Comment 15•23 years ago
|
||
Got mpt's UI approval: <mpt> hwaara: That's gorgeous! And now I need r= and sr=. I want this in for 0.9.3 btw.
|
|
Assignee | |
Comment 16•23 years ago
|
||
|
||
Comment 17•23 years ago
|
||
sr=hewitt once hwaara makes one change I suggested to him via AIM
|
||
Comment 18•23 years ago
|
||
I'd like to reword the text at the top of the warning as follows: ---- There is a problem with the certificate that identifies "[cert subject name]". Do you want to continue? The certificate was issued by a certificate authority that [name of browser] does not recognize. ---- Reasoning: - Mostly the rest of the UI uses just "certificate" rather than "security certificates," which is a leftover from 4.x. - It may help to indicate that the certificate in question identifies the web site (as opposed to--possibly--a client cert that identifies the user to the web site). - "certificate authority" is lowercase most places, I think. Help will need changes to match the new design. But it should be shorter as a result, and hopefully fewer people will feel like they need it. I can give r=cotter on the revised text (as shown above, assuming nobody else has any objections), but don't trust me on the code.
|
|
Assignee | |
Comment 19•23 years ago
|
||
|
|
Assignee | |
Comment 20•23 years ago
|
||
javi promised to do a final review and checkin. thanks!
|
||
Comment 21•23 years ago
|
||
It seems that your patch doesn't set the key-bindings for return and ESC. Why aren't those set anymore?
|
|
Assignee | |
Comment 22•23 years ago
|
||
|
|
||
Comment 23•23 years ago
|
||
r=javi Will check in once tree opens.
a=dbaron on behalf of drivers for trunk checkin during 0.9.3 closure
Whiteboard: approved for 0.9.3
|
|
||
Comment 25•23 years ago
|
||
Patch checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
||
Comment 27•23 years ago
|
||
There are two problems with this patch: 1) I am not sure whether it was this patch, or something else, but accepting unknown certificates stopped working at all for me - both "Continue" and "Cancel" buttons in the new dialog behave exactly the same for me - Mozilla is not going to the site I want it to go. I tried it on several sites and it is 100% always reproducible, no matter whether I select "remember" or not. 2) Help button brings help window that explains the *old* dialog. I am using Build ID 2001072923 from mozilla.org RH7 RPMs on RH 7.1
Status: VERIFIED → REOPENED
OS: Mac System 9.x → All
Hardware: Macintosh → All
Resolution: FIXED → ---
|
|
||
Comment 28•23 years ago
|
||
works for me on Linux commercial build 2001080106.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → WORKSFORME
|
|
||
Comment 29•23 years ago
|
||
There is something very weird going on, because this is horked for me on my daily build on Linux. :(
|
|
||
Comment 30•23 years ago
|
||
I also see the same problem with "continue" not doing anything on another RedHat 7.1 machine running Build ID 2001072711 (from mozilla.org RPMs). Also, I assume that WFM was about problem 1, what about problem 2 (outdated help files)? P.S. The last time I saw a problem with something working in commercial builds, but not in RedHat 7 RPMs was when some variable was used uninitialized (I guess the commercial build compilers initiazes them anyway). Can this be the case here?
|
|
||
Comment 31•23 years ago
|
||
Severity => major since currently it's impossible to access sites with unknows CA on affected platforms.
Severity: normal → major
Keywords: regression
|
|
||
Comment 32•23 years ago
|
||
*** Bug 93045 has been marked as a duplicate of this bug. ***
|
|
||
Updated•23 years ago
|
Keywords: regression
|
|
Assignee | |
Comment 33•23 years ago
|
||
log a new bug please. i'll fix it when i'm back from my vacation.
|
|
Assignee | |
Comment 34•23 years ago
|
||
at least the ui's not horked any longer. ;) fixed.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
|
|
||
Comment 35•23 years ago
|
||
I have reported the problem of an outdated help file - bug 94104 I can no longer repproduce the problem of "continue" not working on BuildId 2001080600. If somebody still can, please log a new bug on that and add a note to this bug.
|
||
Comment 36•23 years ago
|
||
*** Bug 94401 has been marked as a duplicate of this bug. ***
|
||
Comment 37•23 years ago
|
||
Marking VERIFIED FIXED on: Win2k 2001-08-10-10-trunk Commercial MacOSX 2001-08-10-05-trunk Commercial
Status: RESOLVED → VERIFIED
Whiteboard: approved for 0.9.3 → approved for 0.9.3 [ckritzer]
|
|
||
Comment 38•23 years ago
|
||
*** Bug 97871 has been marked as a duplicate of this bug. ***
|
||
Comment 39•23 years ago
|
||
Verified on build: 2001-09-13-0.9.4 platform: Win NT When attempting to load the site where CA is not recognized, the warning dialog does show up correctly.
|
||
Comment 40•21 years ago
|
||
Comment on attachment 43330 [details] [diff] [review] Before (screenshot) Since the mime type is wrong and a new attachment has been posted, this attachment is obsolete.
Attachment #43330 -
Attachment is obsolete: true
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•