Closed
Bug 1492424
Opened 6 years ago
Closed 6 years ago
Twitter's EV indicator is still visible on a TLS error page of a different domain if https:// is enforced by using the "HTTPS Already" extension
Categories
(Core :: Security: PSM, defect, P1)
Tracking
RESOLVED
FIXED
mozilla64
| | Tracking | Status |
|---|---|---|
| geckoview62 | --- | unaffected |
| firefox-esr60 | --- | unaffected |
| firefox62 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | --- | fixed |
People
(Reporter: jan, Assigned: keeler)
Details
(Keywords: nightly-community, regression, Whiteboard: [psm-assigned])
Attachments
(2 files)
1. Install https://addons.mozilla.org/en-US/firefox/addon/https-already/
2. Open https://twitter.com/bcantrill/status/1042180114199375872 and click on the link
Reporter
Comment 1•6 years ago
mozregression --good 2018-06-15 --bad 2018-09-18 -a https://addons.mozilla.org/en-US/firefox/addon/https-already/ -a https://twitter.com/bcantrill/status/1042180114199375872
> 12:57.67 INFO: Last good revision: 771b94d5ab5c7a5b0a42233bc2cc3b1b11553672
> 12:57.67 INFO: First bad revision: 5cfda4227c6a2301c05900ee40d710b2324fb4a9
> 12:57.67 INFO: Pushlog:
> https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=771b94d5ab5c7a5b0a42233bc2cc3b1b11553672&tochange=5cfda4227c6a2301c05900ee40d710b2324fb4a9
> 5cfda4227c6a Dipen Patel — Bug 1468222 Consolidate nsISSLStatus info nsITransportSecurityInfo r=Gijs,snorp,jcj,mcmanus,sfraser,keeler,baku,ato
Blocks: 1468222
Has Regression Range: --- → yes
Has STR: --- → yes
status-firefox62: --- → unaffected
status-firefox63: --- → unaffected
status-firefox-esr60: --- → unaffected
status-geckoview62: --- → unaffected
Component: Site Identity and Permission Panels → Security: PSM
Flags: needinfo?(bugzilla)
Keywords: regression
Product: Firefox → Core
Reporter
Comment 2•6 years ago
(And another bug might be of course that Twitter itself does not have an EV indicator.)
Assignee
Comment 3•6 years ago
We used to be able to tell if the TLS handshake failed outright (e.g. the server isn't even speaking TLS) if SSLStatus was null in the nsITransportSecurityInfo. Now that they're one and the same, we have to check the securityState first (and null out the top level security info if it is STATE_IS_INSECURE).
Assignee: nobody → dkeeler
Flags: needinfo?(bugzilla)
Priority: -- → P1
Whiteboard: [psm-assigned]
Assignee
Comment 4•6 years ago
The site identity security indicator machinery treats connections where the TLS handshake failed as insecure (also referred to as "unknown identity"). Before bug 1468222, such cases were easily detectable as the SSLStatus field of the relevant nsITransportSecurityInfo would be null. When we merged nsISSLStatus into nsITransportSecurityInfo, we didn't take this differentiation into account. This patch brings back the prior behavior by checking if the securityInfo's securityState indicates that the handshake failed (i.e. it is STATE_IS_INSECURE).
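The lost null sentinel described in comments 3 and 4, as an added JavaScript model that is not Firefox source and not the attached patch. The STATE_* names follow nsIWebProgressListener; the object shapes, function names and sample values are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not Firefox source code.
// STATE_* names follow nsIWebProgressListener; the object shapes and the
// function names below are hypothetical.
const STATE_IS_SECURE = 0x2;
const STATE_IS_INSECURE = 0x4;

// Before bug 1468222: a failed handshake left SSLStatus null, so one null
// check separated "unknown identity" from a real TLS connection.
function identityKnownLegacy(info) {
  return info !== null && info.SSLStatus !== null;
}

// After the merge: the fields live on the info object itself, so the old
// null check has nothing left to test and a failed handshake passes it.
function identityKnownMerged(info) {
  return info !== null;
}

// The fix: look at securityState first and treat STATE_IS_INSECURE as if
// there were no top-level security info at all.
function identityKnownFixed(info) {
  if (info !== null && info.securityState === STATE_IS_INSECURE) {
    info = null;
  }
  return info !== null;
}

// Constructed sample inputs: the same scenario in the old and merged shape.
const scenarios = [
  { name: "handshake ok",
    legacy: { securityState: STATE_IS_SECURE, SSLStatus: { serverCert: "constructed" } },
    merged: { securityState: STATE_IS_SECURE, serverCert: "constructed" } },
  { name: "handshake failed",
    legacy: { securityState: STATE_IS_INSECURE, SSLStatus: null },
    merged: { securityState: STATE_IS_INSECURE, serverCert: null } },
  { name: "no security info", legacy: null, merged: null },
];

// Run all three checks over every scenario and return the verdicts.
function compare() {
  return scenarios.map((s) => ({
    name: s.name,
    legacy: identityKnownLegacy(s.legacy),
    merged: identityKnownMerged(s.merged),
    fixed: identityKnownFixed(s.merged),
  }));
}

console.table(compare());
```

Only the "handshake failed" row differs between the three checks: the merged check is the one that no longer reports an unknown identity.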
Comment 5•6 years ago
Comment on attachment 9010417
bug 1492424 - check if the TLS handshake failed in nsSecureBrowserUIImpl r?Gijs
:Gijs (he/him) has approved the revision.
Attachment #9010417 - Flags: review+
Assignee
Comment 6•6 years ago
Thanks for the reviews! https://treeherder.mozilla.org/#/jobs?repo=try&revision=efc570f15d8740a10f834646c2d410029318e877
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e7665879a630
check if the TLS handshake failed in nsSecureBrowserUIImpl r=Gijs
Comment 8•6 years ago
Backed out changeset e7665879a630 (bug 1492424) for failing at siteIdentity/browser_tls_handshake_failure.js on a CLOSED TREE
Backout link: https://hg.mozilla.org/integration/autoland/rev/4cc3a72a0f00a3896aa4af9ab31f24ffdc3a9684
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed,busted,exception&duplicate_jobs=visible&revision=e7665879a630451639a42a2d75383b24928b90a2
Log link: https://treeherder.mozilla.org/logviewer.html#?job_id=200553298&repo=autoland&lineNumber=2128
Log snippet:
[task 2018-09-20T21:31:23.419Z] 21:31:23 INFO - TEST-START | browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js
[task 2018-09-20T21:31:23.742Z] 21:31:23 INFO - TEST-INFO | started process screentopng
[task 2018-09-20T21:31:24.431Z] 21:31:24 INFO - TEST-INFO | screentopng: exit 0
[task 2018-09-20T21:31:24.433Z] 21:31:24 INFO - Buffered messages logged at 21:31:23
[task 2018-09-20T21:31:24.433Z] 21:31:24 INFO - Entering test bound
[task 2018-09-20T21:31:24.434Z] 21:31:24 INFO - TEST-PASS | browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js | identity should be secure before -
[task 2018-09-20T21:31:24.435Z] 21:31:24 INFO - Buffered messages finished
[task 2018-09-20T21:31:24.435Z] 21:31:24 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js | Uncaught exception - at chrome://browser/content/browser.js:1050 - Error: Must load with a triggering Principal
[task 2018-09-20T21:31:24.437Z] 21:31:24 INFO - Stack trace:
[task 2018-09-20T21:31:24.437Z] 21:31:24 INFO - _loadURI@chrome://browser/content/browser.js:1050:11
[task 2018-09-20T21:31:24.438Z] 21:31:24 INFO - @chrome://mochitests/content/browser/browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js:19:5
[task 2018-09-20T21:31:24.440Z] 21:31:24 INFO - async*withNewTab@resource://testing-common/BrowserTestUtils.jsm:111:24
[task 2018-09-20T21:31:24.440Z] 21:31:24 INFO - async*@chrome://mochitests/content/browser/browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js:13:9
[task 2018-09-20T21:31:24.441Z] 21:31:24 INFO - Async*Tester_execTest/<@chrome://mochikit/content/browser-test.js:1102:34
[task 2018-09-20T21:31:24.442Z] 21:31:24 INFO - async*Tester_execTest@chrome://mochikit/content/browser-test.js:1093:16
[task 2018-09-20T21:31:24.442Z] 21:31:24 INFO - nextTest/<@chrome://mochikit/content/browser-test.js:995:9
[task 2018-09-20T21:31:24.444Z] 21:31:24 INFO - SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<@chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:795:59
[task 2018-09-20T21:31:24.444Z] 21:31:24 INFO - Leaving test bound
[task 2018-09-20T21:31:24.446Z] 21:31:24 INFO - GECKO(2491) | MEMORY STAT | vsize 628MB | residentFast 272MB | heapAllocated 91MB
[task 2018-09-20T21:31:24.447Z] 21:31:24 INFO - TEST-OK | browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js | took 329ms
[task 2018-09-20T21:31:24.447Z] 21:31:24 INFO - Not taking screenshot here: see the one that was previously logged
[task 2018-09-20T21:31:24.447Z] 21:31:24 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/siteIdentity/browser_tls_handshake_failure.js | Found an unexpected tab at the end of test run: https://example.com/browser/browser/base/content/test/siteIdentity/dummy_page.html -
[task 2018-09-20T21:31:24.448Z] 21:31:24 INFO - checking window state
[task 2018-09-20T21:31:25.560Z] 21:31:25 INFO - GECKO(2491) | Completed ShutdownLeaks collections in process 2630
[task 2018-09-20T21:31:25.596Z] 21:31:25 INFO - GECKO(2491) | Completed ShutdownLeaks collections in process 2663
[task 2018-09-20T21:31:25.658Z] 21:31:25 INFO - GECKO(2491) | Completed ShutdownLeaks collections in process 2559
[task 2018-09-20T21:31:25.660Z] 21:31:25 INFO - GECKO(2491) | Completed ShutdownLeaks collections in process 2580
[task 2018-09-20T21:31:25.667Z] 21:31:25 INFO - GECKO(2491) | Completed ShutdownLeaks collections in process 2695
[task 2018-09-20T21:31:26.032Z] 21:31:26 INFO - GECKO(2491) | Completed ShutdownLeaks collections in process 2491
[task 2018-09-20T21:31:26.032Z] 21:31:26 INFO - TEST-START | Shutdown
[task 2018-09-20T21:31:26.038Z] 21:31:26 INFO - Browser Chrome Test Summary
[task 2018-09-20T21:31:26.038Z] 21:31:26 INFO - Passed: 1157
[task 2018-09-20T21:31:26.040Z] 21:31:26 INFO - Failed: 2
[task 2018-09-20T21:31:26.043Z] 21:31:26 INFO - Todo: 0
[task 2018-09-20T21:31:26.045Z] 21:31:26 INFO - Mode: e10s
[task 2018-09-20T21:31:26.047Z] 21:31:26 INFO - *** End BrowserChrome Test Results ***
[task 2018-09-20T21:31:26.423Z] 21:31:26 INFO - GECKO(2491) | 1537479086420 Marionette DEBUG Received observer notification xpcom-will-shutdown
[task 2018-09-20T21:31:26.425Z] 21:31:26 INFO - GECKO(2491) | 1537479086420 Marionette INFO Stopped listening on port 2828
[task 2018-09-20T21:31:26.425Z] 21:31:26 INFO - GECKO(2491) | 1537479086421 Marionette DEBUG Remote service is inactive
[task 2018-09-20T21:31:26.770Z] 21:31:26 INFO - TEST-INFO | Main app process: exit 0
Flags: needinfo?(dkeeler)
Assignee
Comment 9•6 years ago
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d531626dcc251aa43a08ce2920a3b55e3bb331e6
Flags: needinfo?(dkeeler)
Comment 10•6 years ago
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dd183880461f
check if the TLS handshake failed in nsSecureBrowserUIImpl r=Gijs
Comment 11•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/dd183880461f
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64