Closed Bug 1500464 Opened 6 years ago Closed 5 years ago

Hide local system clock message if update ping date matches the current date

Categories

(Firefox :: Security, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
Firefox 76
Tracking Status
firefox64 --- wontfix
firefox76 --- fixed

People

(Reporter: ekr, Assigned: gaurijove, Mentored)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

I went to https://blog.river-tiger.com/?default and got the following warning: "Your computer clock is set to October 19, 2018, 8:11 AM. Make sure your computer is set to the correct date, time, and time zone in your system settings, and then refresh blog.river-tiger.com." However, my clock is correct.
Previously (presumably in the version you were seeing) we were mentioning the possibility of a local clock skew very excessively on the error page for SEC_ERROR_EXPIRED_CERTIFICATE. This was rectified in bug 1500020. However, the sentence you are quoting here is still present on the error page, because we can not with absolute certainty detect a misconfigured system clock. In some cases we can (system clock is behind build date) and in those cases we do show a separate warning. We still want to point out the possibility of this scenario even when we might be wrong about it. I think the new copy makes it clear that it's just a possibility.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
I'm re-opening this until we resolve the underlying design question. But in this case the clock is correct, to within a second or two, so the problem is *clearly* that the certificate is expired. Rather than suggesting to the user that their computer is misconfigured, we should be checking to see if the clock is wrong, which we can do from the update ping, and only suggesting the clock explanation if it's plausible
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
The update ping is very unreliable (due to cached header values IIRC). When we were previously relying on it to figure out whether the clock was expired we received a ton of bugs and social media ridicule for all the false positives we produced. For this use case (trying to invalidate our assumption that the system clock is wrong) it sounds like something we could use, though. Still, unless we fix our server-side issues or adopt an alternate solution, we have to accept a level of uncertainty when dealing with time-related errors, which is why we have two levels of warnings. One for when we are 100% certain and the other (which you are seeing) for when we're not sure.
Priority: -- → P3
Summary: Inappropriate clock warning → Hide local system clock message if update ping date matches the current date

You can try this on https://expired.badssl.com/

Even though the system clock is correct, the error page shows the date and suggests fixing it. We can be a bit smarter about it, because we have some server information about the date, precisely the date difference and when the cert was last fetched.

We use it here: https://searchfox.org/mozilla-central/rev/dc0adc07db3df9431a0876156f50c65d580010cb/browser/actors/NetErrorChild.jsm#483-486

To complete this bug, we should find out

a) Is the server difference less than a day
b) Was the date last fetched less than 5 days ago

and then we should probably show this text instead of the existing warning: https://searchfox.org/mozilla-central/rev/dc0adc07db3df9431a0876156f50c65d580010cb/browser/locales/en-US/chrome/overrides/netError.dtd#179

Mentor: jhofmann

Hi Johann,
Phoenix here.
I would like to begin work on this.

Flags: needinfo?(jhofmann)

Great, let me know if you need any help!

Assignee: nobody → phoenixgyaan
Status: REOPENED → ASSIGNED
Flags: needinfo?(jhofmann)

Hey @johannh,I have a PR ready for this. Can I take this up as there is no activity from @PhoenixAbhishek?

Hi @srestha
Actually I am still on this, but if you already have a patch to fix this, I think it will be better to go ahead with that, as long as @johannh has another bug I can work on :)

@johannh, I am sorry for not updating on this one. I'll like to know on how to proceed here :)

Flags: needinfo?(jhofmann)

(In reply to PhoenixAbhishek from comment #8)

Hi @srestha
Actually I am still on this, but if you already have a patch to fix this, I think it will be better to go ahead with that, as long as @johannh has another bug I can work on :)

It's up to you. If you say that you'd rather not want to work on this bug, I'm happy to re-assign it. Would you like to look into bug 1521919?

@johannh, I am sorry for not updating on this one. I'll like to know on how to proceed here :)

What exactly are you stuck on?

Flags: needinfo?(jhofmann)

(In reply to Johann Hofmann [:johannh] from comment #9)

It's up to you. If you say that you'd rather not want to work on this bug, I'm happy to re-assign it. Would you like to look into bug 1521919?

I've looked at the bug, and would like to work on it.

What exactly are you stuck on?

Actually I has issues with my build and it took time to resolve those.

Flags: needinfo?(jhofmann)

Feel free to post your patch, Srestha.

Assignee: phoenixgyaan → nobody
Status: ASSIGNED → NEW
Flags: needinfo?(jhofmann)

Hi Johann, Can I please work on this?

Sure!

Assignee: nobody → asra.qadri
Status: NEW → ASSIGNED
Type: defect → enhancement

(In reply to Johann Hofmann [:johannh] from comment #13)

Sure!

Thank You:)

Unassigning due to inactivity. Let me know if you want to pick this up again.

Assignee: asra.qadri → nobody
Status: ASSIGNED → NEW
Assignee: nobody → gaurijove
Status: NEW → ASSIGNED

Submitted a patch. Do review and submit changes :)

Pushed by rgurzau@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8e84a9a4f6df Do not display local system clock message if update ping date matches the current date. r=nhnt11
Status: ASSIGNED → RESOLVED
Closed: 6 years ago5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 76
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: