Closed Bug 1120091 Opened 9 years ago Closed 8 years ago

An error referencing a non-existent variable in seamonkey2.31 produces an invalid certerror message, if attempt to view a page with an invalid certificate

Categories

(SeaMonkey :: Security, defect)

Product:
SeaMonkey
Component:
Security
Version:
SeaMonkey 2.31 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: andr55, Unassigned)

Details

The error message received is :
===
"Erreur d'analyse XML : entité non définie 
Emplacement : jar:file:///home/opt/mozsm2.31/omni.ja!/chrome/comm/content/communicator/certError.xhtml 
Numéro de ligne 52, Colonne 43 :

          <p id=""badStsCertExplanation"">&certerror.whatShouldIDo.badStsCertExplanation;</p>
------------------------------------------^"
=== (^ of last line under & of previous line)

which translates to :
===
"Error in XML analysis : entity not defined
Location : jar:file:///home/opt/mozsm2.31/omni.ja!/chrome/comm/content/communicator/certError.xhtml
Line number 52, Column 43 :"
=== (the last 2 lines are the same)

The path listed in the error message is the install location of seamonkey.

A comparison with sm2.30 shows that this line was added to the certError.xhtml file, the only change to the file.

In Iceape 2.31 (non-branded version of sm with a few errors corrected), the identical error message displays.

Opera 12.16 displays a Mozilla-like invalid certificate error message (in this case = certificate address not-matching page address), and when accepted, the targeted page displays.  (Note that the targeted page now redirects to another page, which it didn't before.)
The page tested is "https://en.zamanalwsl.net/".

Classified as severity=major since it blocks the display of any page with a certificate error,
 instead of displaying a normal message to the user, who could then optionally accept the certificate and view the page.

Classified as hardware=all, OS=all since the bug is expected to be indifferent to these factors, although my system is x86_64 on Linux.
Are you using the French localized version of SeaMonkey? Or are you using the en-US build with a French langauage pack?

The entity exists in the en-US locale:
http://hg.mozilla.org/comm-central/rev/b3c614a27da1#l3.12
Severity: major → normal
The short answer is both.
Seamonkey has the French localized version (from the Seamonkey download page).
Iceape, which is almost identical except the branding, contains the en-US locale, with a fr locale extension which I activated.

Your link just shows the en-US version of the same file where the error was found.  The variable specified is identical.

The error message is complaining that it wasn't defined (elsewhere in the code).
(In a .js or .xul or whatever file.  Or maybe in a binary file.)

It is a new line, so I suspect that this line was put in place before the back end code was ready.  Or maybe a transcription error when the line was moved from another file.
In any case, from your link, the error was introduced in the en-US file, then carried over to the other locales.

BTW, my sample web page for the error has been corrected.  It was translated, and for a few days it was being redirected to the original language, apparently causing the certificate error.
Do you face that problem with a en-US build of SeaMonkey *without* any language packs?
Also what is the version number of your french language pack?

I downloaded the v2.31 french language pack <ftp://ftp.mozilla.org/pub/mozilla.org/seamonkey/releases/2.31/langpack/seamonkey-2.31.fr.langpack.xpi>
And it definitely has the correct strings.
Unfortunately I don't have a site with an invalid certificate to test, since the site showing the problem has been corrected.  (As noted in the last paragraph of comment 2, it was a temporary problem which only lasted a few days.  It is a site that I've followed for quite a while, without previous problems.)
Note that I had no problems with any of many other sites at the time.

The version number of the language pack is 2.31.  (It is a global extension included with Iceape.  It only need be selected in the extension manager.)

Following your approach, I unpacked and searched the french language code embedded in omni, and indeed it has the correct strings.
As well, the identical strings are in the language pack in Iceape.
So the identical error messages make sense.

Maybe chrome:fr/locale/fr/communicator/certError.dtd
is somehow not in the scope of
chrome:comm/content/communicator/certError.xhtml ?

Do you know an easy to create an invalid certificate situation for testing ?
(In reply to andré from comment #4)
> 
> Maybe chrome:fr/locale/fr/communicator/certError.dtd
> is somehow not in the scope of
> chrome:comm/content/communicator/certError.xhtml ?

If that were the case you would be getting many more errors than this,

> Do you know an easy to create an invalid certificate situation for testing ?
No idea. Please google for "self signed certificates".
SeaMonkey 2.31 is obsolete.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.