Closed Bug 1238519 Opened 8 years ago Closed 8 years ago

Modify the cert error message when the local system clock is misconfigured

Categories

(Firefox :: General, defect, P3)

Product:
Firefox
Component:
General
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 712612
Tracking Flags:
Tracking Status
firefox46 --- affected

People

(Reporter: past, Unassigned)

References

Details

(Whiteboard: [fxprivacy]) 

Recently reported data from the Chrome team indicates that most certificate errors are caused by misconfigured client system clocks:

https://docs.google.com/presentation/d/1Qmpl-5epx0B5C2t4XsUTyjgbwab_rXfK_4iHqX3IC30/pub?start=false&loop=false&delayms=3000#slide=id.gf44795496_0_1

It seems likely that Firefox users will not fare very differently, so there is a big opportunity to help our users here. What we could do is treat these[*] errors  differently and use a heuristic to figure out if the local time is wrong and update the error message accordingly.

The heuristic would work like this: in these cases Firefox performs a HEAD request to http://www.mozilla.org and parses the Date HTTP response header. If the certificate is valid according to that time but not the system time, then the message is updated to say that the system clock *is* wrong. Otherwise, Firefox reports that the server is misconfigured. Bug 1057120 contains a patch with a similar approach for Fennec.

Potential further enhancements to the above include:

1) Display a link to a non-secure URL with instructions for updating the local time in the local platform.
2) Displaying a button to open the system dialog for date and time settings.
3) Use a local page for the Learn More link instead of opening SUMO, which could be unreachable in such cases.

[*]: SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE and MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE
Blocks: 1216897
(In reply to Panos Astithas [:past] from comment #0)
> 2) Displaying a button to open the system dialog for date and time settings.

FWIW, this should be fairly easy on OS X; you just build and execute an NSAppleScript object with the source:

 tell application "System Preferences"
   activate
   set the current pane to pane id "com.apple.preference.datetime"
 end tell
Apparently there is already bug 712612 about this. Somehow I missed it in my last search.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.