Use the same date/time format everywhere on cert error pages

RESOLVED FIXED in Firefox 68

Status

()

defect
P3
normal
RESOLVED FIXED
4 months ago
2 months ago

People

(Reporter: Franpa_999, Assigned: MonikaMaheshwari)

Tracking

(Blocks 1 bug)

65 Branch
Firefox 68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

()

Attachments

(1 attachment)

Reporter

Description

4 months ago

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

I visited https://channelawesome.com/category/videos/channelawesome/dougwalker/nostalgia-critic/

Actual results:

Firefox displays the following message, which clearly states the Security Certificate expires Monday, 25 February 2019, 12:11:10 PM and that the current time is Monday, 25 February 2019, 11:16 PM which is one hour before the certificate expires.

"channelawesome.com uses an invalid security certificate. The certificate expired on Monday, 25 February 2019, 12:11:10 pm. The current time is 25 February 2019, 11:16 pm. Error code: SEC_ERROR_EXPIRED_CERTIFICATE"

Expected results:

Firefox should not be telling me that a Security Certificate has both expired and hasn't expired. Either the Security Certificate expired or it didn't, it can't be both.

To me it seems the warning is being generated 1 hour ahead of the expiry time, which is an error.

If this has to do with timzones than the warning should mention what timezone the expiry time uses (preferably in GMT or UTC format).

Reporter

Comment 1

4 months ago

Oh also, why is the expiry time and the current time displayed in 2 different formats? Shouldn't they be displayed in the same format so you can easily compare them???

Updated

4 months ago
Component: Untriaged → Security: PSM
Product: Firefox → Core

Maybe a timezone display issue? I see The certificate expired on February 24, 2019, 6:11:10 PM GMT-8. The current time is February 25, 2019, 10:58 AM.

Component: Security: PSM → Security
Product: Core → Firefox
Summary: Security Certificate treated as expired when it has not expired → expired certificate warning page unclear: timezones not indicated?
Reporter

Comment 3

4 months ago

The website has possibly fixed its Security Certificate so I can't mess around with it anymore, but yes it looks like it isn't showing mention of a Timezone to me in the warning message.

"channelawesome.com uses an invalid security certificate. The certificate expired on Monday, 25 February 2019, 12:11:10 pm. The current time is 25 February 2019, 11:16 pm. Error code: SEC_ERROR_EXPIRED_CERTIFICATE"

is a verbatim quote of what I was shown.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Summary: expired certificate warning page unclear: timezones not indicated? → Use the same date/time format everywhere on cert error pages

Can I work on this issue?

Hi Monika, yeah, feel free to tackle this, do you need any pointers or do you already have an idea how to start? :)

Yes I am not able to locate where this message Firefox displays the following message, which clearly states the Security Certificate expires Monday, 25 February 2019, 12:11:10 PM and that the current time is Monday, 25 February 2019, 11:16 PM which is one hour before the certificate expires. is displayed in firefox.

Hmm, so, with the new certificate errors in 66 we removed the display of when the certificate expired from the advanced section, hence this bug is sort of invalid. But I think it's worth reconsidering that decision, since especially for advanced users there may be some merit in being able to quickly tell if the certificate has just expired, for example. Meridel, do you agree? Do you think you can modify the advanced section for expired certificates to include the expired time? (See https://expired.badssl.com/)

Assuming we do want to display both the expired time and current time, it would probably be a good idea to make this formatter be used everwhere: https://searchfox.org/mozilla-central/rev/69ace9da347adcc4a33c6fa3d8e074759b91068c/browser/actors/NetErrorChild.jsm#483-485

and maybe also switch it to "long" style to match the formatting in PSM code: https://searchfox.org/mozilla-central/rev/69ace9da347adcc4a33c6fa3d8e074759b91068c/security/manager/ssl/nsNSSCertValidity.cpp#51

Let's see what Meridel says :)

Flags: needinfo?(mwalkington)

Comment 8

2 months ago

Thanks for looping me in!

I am fine with adding the certificate expiration date for messages where this appears to be the cause. I wonder if we should also then include the date for situations in which the certificate is not yet valid?

Advanced copy would look be this:

Advanced...copy:

[Display this copy if certificate is EXPIRED according to computer clock]
Websites prove their identity via certificates, which are valid for a set time period. The certificate for example.com expired on[Date, time].

[Display this copy if certificate is NOT YET VALID according to computer clock:]
Websites prove their identity via certificates, which are valid for a set time period. The certificate for example.com will not be valid until [Date, time].

I am, at the same time, rethinking the hierarchy of our copy for this entire message...can you please confirm the most likely cause for the expired certificate error? Is it MOST LIKELY an expired certificate? or most likely that the user has their clock set wrong?

Flags: needinfo?(mwalkington) → needinfo?(jhofmann)

Thanks, that copy sounds good to me! Monika, do you think you can update the copy here?

(In reply to Meridel from comment #8)

I am, at the same time, rethinking the hierarchy of our copy for this entire message...can you please confirm the most likely cause for the expired certificate error? Is it MOST LIKELY an expired certificate? or most likely that the user has their clock set wrong?

I would say it's most likely an expired certificate, since we already have heuristics to detect the wrong system clock and show an entirely different error message then.

Flags: needinfo?(jhofmann)

Will start working on this after Bug 1499334. Can you look into that :)

Assignee: nobody → monikamaheshwari1996
Flags: needinfo?(wleung)
Flags: needinfo?(jhofmann)
Flags: needinfo?(wleung)

Sorry for the delay :)

Flags: needinfo?(jhofmann)

Comment 13

2 months ago

Looks like the nits haven't been addressed.

Keywords: checkin-needed

Sorry didn't saw that. :)

Comment 15

2 months ago

Pushed by ntim.bugs@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/348e15018884
Use the same date/time format everywhere on cert error pages r=johannh

Keywords: checkin-needed

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&group_state=expanded&tochange=e8c59393c80952adfffd0be0de34c3ae7e48e36a&fromchange=348e150188840f913d58a89d2d591ab9ef572dd8&searchStr=browser%2Cchrome&selectedJob=242947931

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=242947931&repo=autoland&lineNumber=1693

Backout link: https://hg.mozilla.org/integration/autoland/rev/db876eab4bf0644ebdc5cae9bf726a6695cdeea0

[task 2019-04-26T18:12:13.739Z] 18:12:13 INFO - TEST-PASS | browser/base/content/test/about/browser_aboutCertError_clockSkew.js | URL found in error message -
[task 2019-04-26T18:12:13.740Z] 18:12:13 INFO - Buffered messages finished
[task 2019-04-26T18:12:13.742Z] 18:12:13 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/about/browser_aboutCertError_clockSkew.js | Correct local date displayed -
[task 2019-04-26T18:12:13.744Z] 18:12:13 INFO - Stack trace:
[task 2019-04-26T18:12:13.745Z] 18:12:13 INFO - chrome://mochikit/content/browser-test.js:test_ok:1314
[task 2019-04-26T18:12:13.746Z] 18:12:13 INFO - chrome://mochitests/content/browser/browser/base/content/test/about/browser_aboutCertError_clockSkew.js:checkWrongSystemTimeWarning:73
[task 2019-04-26T18:12:13.748Z] 18:12:13 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest/<:1116
[task 2019-04-26T18:12:13.749Z] 18:12:13 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest:1144
[task 2019-04-26T18:12:13.750Z] 18:12:13 INFO - chrome://mochikit/content/browser-test.js:nextTest/<:1005
[task 2019-04-26T18:12:13.750Z] 18:12:13 INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<:803
[task 2019-04-26T18:12:13.751Z] 18:12:13 INFO - TEST-PASS | browser/base/content/test/about/browser_aboutCertError_clockSkew.js | time-errors in the Learn More URL -

Flags: needinfo?(monikamaheshwari1996)

Can you help in here :)

Flags: needinfo?(monikamaheshwari1996) → needinfo?(jhofmann)

It seems we forgot to update the formatter in this test: https://searchfox.org/mozilla-central/rev/b2015fdd464f598d645342614593d4ebda922d95/browser/base/content/test/about/browser_aboutCertError_clockSkew.js#44

Can you do that and do a try push? :)

I'm not sure if you have access to Try yet, you can find instructions on how to get it here: https://wiki.mozilla.org/ReleaseEngineering/TryServer

I'm happy to vouch for you if you make a new bug, and please let me know if you need any help getting it running.

Flags: needinfo?(jhofmann)

Getting remote: Permission denied (publickey) on ./mach try empty

Flags: needinfo?(jhofmann)

Comment 20

2 months ago

Pushed by dluca@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4bb1186d2d9e
Use the same date/time format everywhere on cert error pages r=johannh

Keywords: checkin-needed

Comment 21

2 months ago
bugherder
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68

(In reply to Monika Maheshwari [:MonikaMaheshwari] from comment #19)

Getting remote: Permission denied (publickey) on ./mach try empty

Did you file a bug to get access to the try server? See https://wiki.mozilla.org/ReleaseEngineering/TryServer#Getting_access_to_the_Try_Server :)

Flags: needinfo?(jhofmann)
You need to log in before you can comment on or make changes to this bug.