Closed Bug 1277573 Opened 8 years ago Closed 8 years ago

clock time not properly detected on "connection not secure" error page

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
49 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox49 affected)

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox49 --- affected

People

(Reporter: philipp, Unassigned)

References

Details

i've just stumbled across a user post on reddit, where the new error message about a wrong system time (bug 712612) seemed to produce a wrong result (as it actually was 6/1/2016):

>A secure connection to wz2100.net isn’t possible because your clock appears to show the wrong time.
>Your computer thinks it is 6/1/2016, when it should be 5/3/2016. To fix this problem, change your date and time settings to match the correct time.
>wz2100.net uses an invalid security certificate.
>The certificate expired on Saturday, May 21, 2016 5:54 PM. The current time is Wednesday, June 01, 2016 10:50 PM.

https://www.reddit.com/r/firefox/comments/4m5649/how_do_i_get_firefox_to_ignore_untrusted/d3ss2d3
Mmh that is likely because the Kinto ping was last done on 5/3/2016. This is really a worst case situation because May 3 would indeed have the certificate be still valid. As long as we don't want to change our method of getting the correct date I see no way you can programmatically improve on that message in such a case. :/
Sorry I have to correct myself, the Kinto/blocklist ping method is fine. We only utilize the clock skew, not the last update time. This is not Kinto's fault. I'll try to contact the user about their clock skew preference, maybe that'll help us.
ok thanks, i understand - maybe it was just a one-off. we will probably see if there are more such occurrences once this reaches channels with a wider audience and if so maybe tweak our authoritative source of the time...
The user got back to me (!) and we found that their Kinto clock skew seemed to have updated in the meantime to only -2 seconds. This also fixed the error message to not show anything (because the time isn't off).

Because of that I'm strongly presuming that the Kinto preference was simply wrong (for whatever reason, maybe the user had a misconfigured time earlier). There's nothing we can do if that happens. I'll close this bug if nobody objects.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.