Closed Bug 1486551 Opened 7 years ago Closed 6 months ago

Turn cert revocation error pages into (non-overridable) certificate error pages

Categories

(Firefox :: Security, enhancement)

63 Branch
enhancement

Tracking

RESOLVED FIXED
Future
Tracking Status
firefox137 --- fixed

People

(Reporter: kathleen.a.wilson, Assigned: keeler)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [cert-errors])

Attachments

(1 file)

For other cert errors, you can click on the "More..." button to get an error code with a link, and when you click on the link it provides the Certificate Chain that you can "Copy text to clipboard", so you can figure out what's going on. Please add this capability to the non-overridable errors, such as SEC_ERROR_REVOKED_CERTIFICATE. Not having this ability forces me to use a different browser to get the Certificate Chain info that I need.
Kathleen, Dana, does it make sense to rephrase this as "Make SEC_ERROR_REVOKED_CERTIFICATE a certificate error page"? Currently this seems to be treated as a neterror, which doesn't sound right to me.
Flags: needinfo?(kwilson)
Flags: needinfo?(dkeeler)
Yes, but we have to be a bit careful: in the past, we've basically said "errors that result in net error pages are not overridable" and "errors that result in cert error pages are overridable (modulo HSTS)". If we make SEC_ERROR_REVOKED_CERTIFICATE and others result in the cert error page, we have to make sure it's never overridable and that our UI never makes it look like it could be overridable. (But to be clear, I think this is something we can and should do.)
Flags: needinfo?(dkeeler)
Ok, thanks, maybe we'll leave it phrased like this, for now.
Flags: needinfo?(kwilson)
Whiteboard: [cert-errors][triage]
Priority: -- → P3
Whiteboard: [cert-errors][triage] → [cert-errors]
Summary: Add ability to get cert chain from SEC_ERROR_REVOKED_CERTIFICATE error window → Turn cert revocation error pages into (non-overridable) certificate error pages
Target Milestone: --- → Future
Severity: normal → --
Type: defect → enhancement
Component: Security: PSM → Security
Priority: P3 → --
Product: Core → Firefox
Assignee: nobody → dkeeler
Severity: -- → N/A

SEC_ERROR_REVOKED_CERTIFICATE is a certificate error, not a TLS protocol error.
This patch updates the categorization of this error while maintaining the
property that it cannot be overridden. This has the benefit of making it
possible to show more diagnostic information in the error page, which this
patch also adds.

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0dd00b782978
turn cert revocation error pages into (non-overridable) certificate error pages r=jschanck,fluent-reviewers,webidl,bolsson,smaug
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED