Closed
Bug 1368631
Opened 8 years ago
Closed 7 years ago
don't offer to reset TLS preferences for certificate verification errors other than ERROR_CLASS_SSL_PROTOCOL
Categories
(Firefox :: Security, defect)
RESOLVED
INVALID
People
(Reporter: jarymut+dev, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170522070743
Steps to reproduce:
Open site (with expired certificate, but user [aka me] does not know this at this time).
Security error shows up saying "It looks like your network security settings might be causing this. Do you want the default settings to be restored?", SEC_ERROR_EXPIRED_CERTIFICATE.
Actual results:
After restoring default settings site does not load, there is security error SEC_ERROR_EXPIRED_CERTIFICATE, no surprise, certificate is still expired.
(Some?) user settings are lost.
Expected results:
Firefox shouldn't ask me to restore settings for errors that definitely won't be fixed that way.
Comment 1•8 years ago (Reporter)
Well, same thing happens for SSL_ERROR_BAD_CERT_DOMAIN (i.e. https://tv.eurosport.com/). Will changing/restoring ANY settings change domain? I don't think so.
Updated•8 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Comment 2•8 years ago
This should only be offered for errors where nsINSSErrorsService.getErrorClass returns ERROR_CLASS_SSL_PROTOCOL.
Blocks: 1252068
Component: Security: PSM → Security
Product: Core → Firefox
Summary: Firefox is offering to restore default settings for expired certificate. → don't offer to reset TLS preferences for certificate verification errors
Updated•7 years ago
Summary: don't offer to reset TLS preferences for certificate verification errors → don't offer to reset TLS preferences for certificate verification errors other than ERROR_CLASS_SSL_PROTOCOL
Comment 3•7 years ago
Jonathan: the code you added for bug 1252068 may not be working as intended.
https://searchfox.org/mozilla-central/rev/184f0c7888dd6abb32235377693b7d1fc0b75ac1/browser/base/content/aboutNetError.xhtml#277
That said, I can't reproduce this. I modified the security settings we check for (TLS version, security.ssl3.* ciphersuites) and opened the site in comment 2 and just get SSL_ERROR_BAD_CERT_DOMAIN with no option to reset prefs. Jarymut: can you still reproduce this?
Flags: needinfo?(jkt)
Flags: needinfo?(jarymut+dev)
Comment 4•7 years ago
Oh wow. That part gets hidden by CSS, did not know that. I assumed there were different error pages.
I'm using a complete theme (FT Deepdark), and it's shown there. But after switching to the default theme it works properly - the option to reset preferences is hidden.
So it works for me.
Comment 5•7 years ago
Great, there are other bugs filed for that reset button elsewhere but not this, thankfully.
Thanks for checking :dveditz and also jarymut+bugzilla for following up!
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(jkt)
Flags: needinfo?(jarymut+dev)
Resolution: --- → INVALID