1795970 - engine-gecko: Integrate certificate information

Status: ASSIGNED

(Firefox for Android :: Browser Engine, enhancement)

Description

[Christian Sadilek [:csadilek]]

From github: https://github.com/mozilla-mobile/android-components/issues/5557.

We currently only use the full (unparsed) issuer name in our SecurityInfo. GeckoView now provides more certificate information we should integrate.

┆Issue is synchronized with this Jira Task

Change performed by the Move to Bugzilla add-on.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The severity field is not set for this bug.
:cpeterson, could you have a look please?

For more information, please visit auto_nag documentation.

Comment 2

[Dan]

Please seriously consider moving to P2 and S2. Having to switch to a chromium based Android browser everytime we want to make sure that a website is very secure (check TLS version, bit length etc.) is very frustrating.

Comment 3

[Jeff Boek [:boek]]

Removing severity/priority for this for re-triage.

Comment 4

[github]

I have not found a way to access certificate information when using Gecko via the Android Components at all.

Since geckoSession is internal there is no way to override the progessDelegate where the certificate information is reduced and made available to the observers.

At this stage, I would suggest that the entire certificate should be made available to observers, rather than just the host and issuer.

Comment 5

[Dana Keeler (she/her) [:keeler]]

Attachment: Bug 1795970 - engine-gecko: provide server certificate in onSecurityChange r?#android-reviewers