Handle self-signed certificates when browsing

RESOLVED FIXED in 4.0

Status

defect
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: rnewman, Assigned: bnicholson)

Tracking

(Depends on 1 bug, {compat})

unspecified
All
iOS

Firefox Tracking Flags

(fxios-v1.1 affected, fxios-v4.0 fixed, fxios4.0+)

Details

Attachments

(1 attachment)

We should allow the user to do everything they do on desktop: add a permanent exception, view the certificate, or temporarily ignore the error.

Supporting self-signed certs in Sync is not exactly covered by this bug.
Duplicate of this bug: 1148487
Seeing this on ios-feedback
tracking-fxios: --- → ?
Keywords: compat
tracking-fxios: ? → ---
Whiteboard: tracking-1.1
Just a heads up, WKWebView cannot currently handle self-signed certificates (I happened to stumble upon this while working on a project with WKWebView where I want to use self-signed certs for internal testing): https://twitter.com/wkwebview/status/542363586958745600
Fixed in iOS 9, as navigating to pages with self-signed certificates now calls didReceiveAuthenticationChallenge on WKNavigationDelegate so you can manually decide how to handle self-signed certificates.
Yes, in iOS9 we now have the option to do custom certificate validation and accepting self-signed certificates can most likely be built on top of that.

We have a bigger plan of pulling in the Mozilla certificate validation code, but feel free to experiment with this to find out how well that new API works.
OS: iOS 8 → iOS
Whiteboard: tracking-1.1
Going to investigate and break down for a potential mentor/contributor bug.
Flags: needinfo?(sleroux)
Duplicate of this bug: 1224265
Flags: needinfo?(sleroux)
Did any of this land? If not, can we break this down?
Flags: needinfo?(sarentz)
Not sure why this is tracking 2.0. This is way too complex for 2.0. I'm moving it to + and I also have a plan to deal with all things related to custom cert validation but nothing is documented in bugs yet.
Flags: needinfo?(sarentz)
Assignee: nobody → bnicholson
Status: NEW → ASSIGNED
Going to split this into two bugs. This one will be about accepting certs, storing them in memory, and adding the simple accept/reject UI. The follow-up will add disk storage, including clearing the certs in settings.

This one is mostly ready, but I want to do a bit more testing and add some test cases before flagging review. I don't expect the UI to change, though, so flagging for ui-review.
Attachment #8733640 - Flags: ui-review?(randersen)
Depends on: 1259284
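
A sketch of the approach discussed in this bug, added here as an illustration and not taken from the Firefox for iOS pull request: the iOS 9 `WKNavigationDelegate` authentication-challenge callback combined with an in-memory exception store. `CertExceptionStore` and `NavigationHandler` are hypothetical names, and keying exceptions on origin plus leaf certificate bytes is an assumption, not the project's confirmed design.

```swift
import Foundation
import Security
import WebKit

/// In-memory store of user-approved certificate exceptions (hypothetical type).
/// Each exception is pinned to the exact leaf certificate bytes AND the origin
/// it was accepted for, so accepting one site's cert never trusts another site.
final class CertExceptionStore {
    private var accepted = Set<String>()

    private func key(_ cert: SecCertificate, _ origin: String) -> String {
        let der = SecCertificateCopyData(cert) as Data
        return origin + "|" + der.base64EncodedString()
    }
    func add(_ cert: SecCertificate, origin: String) {
        accepted.insert(key(cert, origin))
    }
    func contains(_ cert: SecCertificate, origin: String) -> Bool {
        return accepted.contains(key(cert, origin))
    }
}

final class NavigationHandler: NSObject, WKNavigationDelegate {
    let exceptions = CertExceptionStore()

    func webView(_ webView: WKWebView,
                 didReceive challenge: URLAuthenticationChallenge,
                 completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        // Only server-trust challenges are handled here; HTTP auth and
        // client-certificate challenges keep the default behaviour.
        // SecTrustGetCertificateAtIndex is the iOS 9 era call (deprecated in iOS 15).
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust,
              let leaf = SecTrustGetCertificateAtIndex(trust, 0) else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        let origin = "\(space.host):\(space.port)"
        if exceptions.contains(leaf, origin: origin) {
            // The user approved this exact certificate for this origin.
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Normal validation: an untrusted cert fails the load, and the
            // error page can then offer the accept/reject choice.
            completionHandler(.performDefaultHandling, nil)
        }
    }
}
```

`exceptions.add(_:origin:)` should be called only from the user's explicit accept action on the error page, followed by a reload; the store is lost when the process exits, matching the in-memory scope of this bug.
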
Robin, are the mocks at [1] finalized, or are things still in flux as we try to sync up with desktop? If the latter, do you think we could ship your earlier mocks (currently used in this PR) for 4.0, then converge with updated designs for 5.0?

[1] https://docs.google.com/a/mozilla.com/document/d/1Wnr0tqAX38DXz_o9pQbU7SMrsbvMUoJupbISm1r3DUU/edit?usp=sharing
Flags: needinfo?(randersen)
Brian, the mocks have been updated (as of 20:08 this evening) and we should be going with a webview template, based on my mocks and not waiting for Desktop for 4.0.
Flags: needinfo?(randersen)
Comment on attachment 8733640 [details] [review]
Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/1658

Functionality-wise, I think this PR is ready to land. It adds support for cert exceptions using the error page UI. This doesn't include permanent exceptions (bug 1259284); I'll try to have that bug up by tomorrow.

The error page isn't at all styled/polished yet, but I'd like to land this so we can have the functionality/strings before 4.0. I figure we can iterate on the error page design on the stabilization branch since it's just tweaking HTML/CSS.

Robin, can you double-check that the strings are all good to go? No ui-review yet -- I know the page looks hideous :)
Attachment #8733640 - Flags: ui-review?(randersen)
Attachment #8733640 - Flags: review?(sleroux)
Attachment #8733640 - Flags: feedback?
Attachment #8733640 - Flags: feedback? → feedback?(randersen)
Depends on: 1262287
Comment on attachment 8733640 [details] [review]
Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/1658

One change: "Proceed if you accept the [+]potential risk[-]s".
Attachment #8733640 - Flags: feedback?(randersen) → feedback+
Comment on attachment 8733640 [details] [review]
Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/1658

Looks good! Just one edge case bug I found related to the history stack.
Attachment #8733640 - Flags: feedback+
Comment on attachment 8733640 [details] [review]
Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/1658

LGTM!
Attachment #8733640 - Flags: review?(sleroux) → review+
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED