Open
Bug 1486551
Opened 6 years ago
Updated 3 years ago
Turn cert revocation error pages into (non-overridable) certificate error pages
Categories
(Firefox :: Security, enhancement)
NEW
Future
People
(Reporter: kathleen.a.wilson, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [cert-errors])
For other cert errors, you can click on the "More..." button to get an error code with a link, and when you click on the link it provides the Certificate Chain that you can "Copy text to clipboard", so you can figure out what's going on.
Please add this capability to the non-overridable errors, such as SEC_ERROR_REVOKED_CERTIFICATE.
Not having this ability forces me to use a different browser to get the Certificate Chain info that I need.
Comment 1•6 years ago
Kathleen, Dana, does it make sense to rephrase this as "Make SEC_ERROR_REVOKED_CERTIFICATE a certificate error page"? Currently this seems to be treated as a neterror, which doesn't sound right to me.
Comment 2•6 years ago
Yes, but we have to be a bit careful: in the past, we've basically said "errors that result in net error pages are not overridable" and "errors that result in cert error pages are overridable (modulo HSTS)". If we make SEC_ERROR_REVOKED_CERTIFICATE and others result in the cert error page, we have to make sure it's never overridable and that our UI never makes it look like it could be overridable. (But to be clear, I think this is something we can and should do.)
Flags: needinfo?(dkeeler)
Comment 3•6 years ago
Ok, thanks, maybe we'll leave it phrased like this, for now.
Flags: needinfo?(kwilson)
Whiteboard: [cert-errors][triage]
Updated•6 years ago
Priority: -- → P3
Whiteboard: [cert-errors][triage] → [cert-errors]
Updated•6 years ago
status-firefox63: affected → ---
Updated•6 years ago
Summary: Add ability to get cert chain from SEC_ERROR_REVOKED_CERTIFICATE error window → Turn cert revocation error pages into (non-overridable) certificate error pages
Updated•6 years ago
Target Milestone: --- → Future
Updated•4 years ago
Severity: normal → --
Type: defect → enhancement
Component: Security: PSM → Security
Priority: P3 → --
Product: Core → Firefox
If you look for a workaround, the given advice is to disable OCSP (or to switch to another browser), which makes a higher security issue than allowing a temporary bypass with a clear risk warning!