Closed
Bug 1238519
Opened 8 years ago
Closed 8 years ago
Modify the cert error message when the local system clock is misconfigured
Categories
(Firefox :: General, defect, P3)
Firefox
General
Tracking
()
RESOLVED
DUPLICATE
of bug 712612
Tracking | Status | |
---|---|---|
firefox46 | --- | affected |
People
(Reporter: past, Unassigned)
References
Details
(Whiteboard: [fxprivacy])
Recently reported data from the Chrome team indicates that most certificate errors are caused by misconfigured client system clocks: https://docs.google.com/presentation/d/1Qmpl-5epx0B5C2t4XsUTyjgbwab_rXfK_4iHqX3IC30/pub?start=false&loop=false&delayms=3000#slide=id.gf44795496_0_1 It seems likely that Firefox users will not fare very differently, so there is a big opportunity to help our users here. What we could do is treat these[*] errors differently and use a heuristic to figure out if the local time is wrong and update the error message accordingly. The heuristic would work like this: in these cases Firefox performs a HEAD request to http://www.mozilla.org and parses the Date HTTP response header. If the certificate is valid according to that time but not the system time, then the message is updated to say that the system clock *is* wrong. Otherwise, Firefox reports that the server is misconfigured. Bug 1057120 contains a patch with a similar approach for Fennec. Potential further enhancements to the above include: 1) Display a link to a non-secure URL with instructions for updating the local time in the local platform. 2) Displaying a button to open the system dialog for date and time settings. 3) Use a local page for the Learn More link instead of opening SUMO, which could be unreachable in such cases. [*]: SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE and MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE
Comment 1•8 years ago
|
||
(In reply to Panos Astithas [:past] from comment #0) > 2) Displaying a button to open the system dialog for date and time settings. FWIW, this should be fairly easy on OS X; you just build and execute an NSAppleScript object with the source: tell application "System Preferences" activate set the current pane to pane id "com.apple.preference.datetime" end tell
Reporter | ||
Comment 2•8 years ago
|
||
Apparently there is already bug 712612 about this. Somehow I missed it in my last search.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•