Closed Bug 1643249 Opened 5 years ago Closed 5 years ago

Keeping Cert Whitelist "security.certerrors.permanentOverride;true" is ignored

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
78 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: da48e398a4, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Using the 78 developer edition I whitelisted a testing website in our local network in the whitelist for certificate overrides.

Actual results:

Upon closing the browser cert_override.txt is cleared regardless to a default state without my exception. Setting either "security.certerrors.permanentOverride;true" OR "security.certerrors.permanentOverride;false" had no effect at all. Contrary to previous versions.

Expected results:

User whitelisted websites need to persist in cert_override.txt if the switch is set correctly. Currently neither true nor false make any entries persist browser restarts. You can imagine this makes testing TLS secured websites in LAN before pushing them to production significantly more annoying.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security

Note that security.certerrors.permanentOverride only controls how certificate exceptions are persisted when clicking the button on the certificate error page, it doesn't control the certificate manager. The cert error pages seem to work fine for me, so I'll move this to PSM for further investigation.

Component: Security → Security: PSM
Product: Firefox → Core

(In reply to Steven M. Crown from comment #0)

Upon closing the browser cert_override.txt is cleared

Meaning, if you add an override, an entry gets added to this file, but then when you close Firefox, it gets cleared?
Do you have Firefox configured to delete cookies and site data or history when it closes?

Flags: needinfo?(da48e398a4)

Note that it's a tiny bit patronizing to assume that I do not understand the usage of buttons or the text file. Having to resort to making the file write protected, as neither true nor false stop the clearing is a terrible workaround.

Meaning that I understand the buttons (I used them for years now?), cert_override.txt fills after confirming inside the GUI, but the entries are expunged on next launch regardless of about:config settings.

It's natural a letsencrypt cert is meant for the web, but we develop in LAN here before pushing to production. So this feature is critical for leading encrypted sites from within the network without seeing a big cert warning all the time because accessed from a 10.0.0.0/8 network instead of domain.tld.

Thanks anyway for looking into it, I can try a blank profile, but give that I literally changed nothing and the only change is the update this week..

Flags: needinfo?(da48e398a4)

We're trying to gather more formation and clarify the situation so we can figure out what's going on and fix the issue you're encountering. To that end, it's still not clear to me if you have configured Firefox to delete cookies and site data or history when it closes - can you please check that for me? (Alternatively, checking in a new profile as you've suggested would also be helpful.) Thank you.

Flags: needinfo?(da48e398a4)
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.