Closed
Bug 1011869
Opened 12 years ago
Closed 8 years ago
Cannot add certificate exception in certificate error/bad security page in email app
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: praveen, Unassigned)
Details
+++ This bug was initially created as a clone of Bug #846734 +++
We should implement the 'add certificate exception' buttons in certificate error page of b2g.
This even more important for email as many organizations have their own root can for email or people with their own mail servers use self signed certificates. I know there is a plan to build a certificate manager, but allowing exceptions should be implemented right now if Mozilla is serious about email apply. It is really painful to access mails on mobile browser.
Comment 1•12 years ago
|
||
Can you clarify what your request is here? This bug may already be a dupe. Existing bugs are:
- Provide a way to add certificates from system-ish UI, bug 769183 (and bug 867899 which it depends on). I suspect this is what you are referencing when you mention the certificate manager.
- Email bug 874346 deals with the issue as it relates to the email app. Practically speaking, it's really a question of how to/whether to expose whatever gets implemented in bug 769183 to the user. (Because of the risk to all users of adding an easy-to-use exception flow for just the few users using dubiously configured mail servers.)
A big question for us in bug 874346 is how wide-spread servers with effectively invalid certificates are and why those servers are using effectively invalid certificates. If you could provide more details about the situation you are experiencing, that would be useful.
A [bad security] exception is shown when system doesn't have root CA certificate to verify (autistici.organ has its own root CA certificate. Many organizations also have this, both companies I worked earlier had their own root CA). An option to add root CA would solve this. But still giving option to users to override would be good. There can be sufficiently verbose warning.
The second case is dreamhost.com (possibly other shared hosting providers as well). Their certificate is signed for mail.dreamhost.com but their documentation says mail.customdomain.tld should be used. In that cast domain won't match with certificate. Today I figured out I can directly use mail.dreamhost.com as hostname in mail configuration. Most people wouldn't be aware of this work around.
Third case would be for self signed certificates.
The option to override exception can be hidden in an advanced setting. Is certificate manager landing in 1.4?
This issue should now be closed as resolved (I don't have the right to do it myself)
At least with version 1.3 on my Peak device, if I browse a website with an invalid certificate, I have the details of why it is invalid, and can visit de site or add a permanent exception
Oops my bad : this issue is about the email app, not the browser. Sorry :-)
Comment 5•8 years ago
|
||
Firefox OS is not being worked on
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•