Open Bug 1813868 Opened 3 years ago Updated 2 months ago

Site-specific exceptions for self-signed certificates are forgotten when Firefox for Android restarts

Categories

(Firefox for Android :: Browser Engine, defect)

All
Android
defect

People

(Reporter: gl, Unassigned)

Details

From github: https://github.com/mozilla-mobile/fenix/issues/17607.

Self-signed certificates are no longer working.

The first time you visit a URL you can add the exception, but every time after that it will fail, stating the connection is not secured.

(Should it not be up to me to decide who I trust?)

Change performed by the Move to Bugzilla add-on.

Severity: -- → S3
Component: Toolbar → Browser Engine

Some references:
https://searchfox.org/mozilla-mobile/source/firefox-android/fenix/app/src/main/java/org/mozilla/fenix/AppRequestInterceptor.kt#63,117-118

https://searchfox.org/mozilla-mobile/source/firefox-android/fenix/app/src/main/assets/lowMediumErrorPages.js#122-129,142 (here the exception is always added temporarily).

We should do the same thing as desktop: add the exception permanently in normal mode, and add the exception temporarily in private mode. We should also provide a method for users to revoke the exception (just like desktop).

Here are some STR:

Steps to reproduce

  1. Visit a site with a self-signed certificate, e.g. https://self-signed.badssl.com/ (In my actual use-case, I'm trying to view the web interface for a device on my local network that uses a self-signed certificate.)
    --> This will show a "Secure Connection Failed" error-page.
  2. On the error page, tap "Advanced" and then "Accept the Risk and Continue".
    --> This will take you to a red page with large text "self-signed.badssl.com" -- this is the actual website.
  3. Force-quit Firefox, and then reopen Firefox and visit https://self-signed.badssl.com/ again.

Expected behavior

The site should load (I should see the same red page as noted in "-->" after step 2). In other words: the user's preference to accept-the-risk-and-continue for this site should be remembered (with some UI available to clear that preference, e.g. in the site-info menu from the broken-shield icon).

Actual behavior

The site doesn't load. I get the same "Secure Connection Failed" page and have to tap through "Advanced"/"Accept the Risk and Continue" again, if I want to use the page.

Device information

  • Firefox version: 145.0a1
  • Android device model: Pixel 10 Pro XL
  • Android OS version: 16

Any additional information?

Mobile Chrome (v141 on Android) gives EXPECTED RESULTS.
Mobile Safari 17 (on iPadOS 17.7.10) gives EXPECTED RESULTS.
Desktop browsers including Firefox-on-Desktop give EXPECTED RESULTS.

And based on https://github.com/mozilla-mobile/fenix/issues/17607#issuecomment-784983698 it sounds like this used to work in Firefox-for-Android before 2021.

Summary: Self-signed certificates are no longer working → Site-specific exceptions for self-signed certificates are forgotten when Firefox for Android restarts

Additional note: Chrome on Android seems to remember the "accept and continue" for about a week, based on my experience from a local-network IoT service that has a self-signed SSL certificate. (I visit this service's web interface ~daily in Chrome on Android, and Chrome only shows me the error page and makes me click through once a week or so.)
