Closed Bug 1368631 Opened 8 years ago Closed 7 years ago

don't offer to reset TLS preferences for certificate verification errors other than ERROR_CLASS_SSL_PROTOCOL

Categories

(Firefox :: Security, defect)

53 Branch
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: jarymut+dev, Unassigned)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170522070743
Steps to reproduce: Open site (with expired certificate, but user [aka me] does not know this at this time). Security error shows up saying "It looks like your network security settings might be causing this. Do you want the default settings to be restored?", SEC_ERROR_EXPIRED_CERTIFICATE.
Actual results: After restoring default settings site does not load, there is security error SEC_ERROR_EXPIRED_CERTIFICATE, no surprise, certificate is still expired. (Some?) user settings are lost.
Expected results: Firefox shouldn't ask me to restore settings for errors that definitely won't be fixed that way.
Well, same thing happens for SSL_ERROR_BAD_CERT_DOMAIN (i.e. https://tv.eurosport.com/). Will changing/restoring ANY settings change domain? I don't think so.
Component: Untriaged → Security: PSM
Product: Firefox → Core
This should only be offered for errors where nsINSSErrorsService.getErrorClass returns ERROR_CLASS_SSL_PROTOCOL.
Blocks: 1252068
Component: Security: PSM → Security
Product: Core → Firefox
Summary: Firefox is offering to restore default settings for expired certificate. → don't offer to reset TLS preferences for certificate verification errors
Summary: don't offer to reset TLS preferences for certificate verification errors → don't offer to reset TLS preferences for certificate verification errors other than ERROR_CLASS_SSL_PROTOCOL
Jonathan: the code you added for bug 1252068 may not be working as intended.
https://searchfox.org/mozilla-central/rev/184f0c7888dd6abb32235377693b7d1fc0b75ac1/browser/base/content/aboutNetError.xhtml#277
That said, I can't reproduce this. I modified the security settings we check for (tls version, security.ssl3.* ciphersuites) and opened the site in comment 2 and just get SSL_ERROR_BAD_CERT_DOMAIN with no option to reset prefs.
Jarymut: can you still reproduce this?
Flags: needinfo?(jkt)
Flags: needinfo?(jarymut+dev)
Oh wow. That part gets hidden by CSS, did not know that. I assumed there were different error pages. I'm using a complete theme (FT Deepdark), it's shown there. But after switching to the default theme it works properly - option to reset preferences is hidden. So it works for me.
Great, there are other bugs filed for that reset button elsewhere but not this thankfully. Thanks for checking :dveditz and also jarymut+bugzilla for following up!
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(jkt)
Flags: needinfo?(jarymut+dev)
Resolution: --- → INVALID