Closed Bug 1663302 Opened 5 years ago Closed 5 years ago

Conflicting error messages on self-signed cert

Categories

(Core :: Security: PSM, defect)

80 Branch
defect

RESOLVED DUPLICATE of bug 1524323

People

(Reporter: bfox200012, Unassigned)

Attached image Screenshot of the issue

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Edg/85.0.564.44

Steps to reproduce:

Visit https://melonds.kuribo64.net/comments.php?id=124, which uses an expired self-signed cert.

Actual results:

The visible error message displays:

Websites prove their identity via certificates, which are valid for a set time period. The certificate for melonds.kuribo64.net expired on 6/11/2019.

However, the error code correctly specifies:
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Expected results:

Self-signed cert errors should take priority over expired cert errors, as users are much more likely to dismiss an expired cert warning than a self-signed cert error.

I should note, this priority issue also applies to websites that throw SEC_ERROR_UNKNOWN_ISSUER as illustrated with https://preact-cli.badssl.com. I wouldn't be surprised if the same priority issue occurs with expired certs with other issues.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE