Closed
Bug 384205
Opened 17 years ago
Closed 17 years ago
unhappy certificate dialog needs to be replaced
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 380605
People
(Reporter: timeless, Assigned: KaiE)
References
Details
Attachments
(3 files)
msie gives me a certificate viewer with an unhappy indicator. I'm able to see the certificate is expired. minefield gives me an error that says ~I have no idea why the certificate is bad, but it's bad, trust me~. <johnath> At very least, we should dump to an error page which says the same sort of thing, but tells you how to import the cert, if that's what you really want to do. Unless that error means that the cert is non-validatable (broken sig, e.g.) in which case it could at least be more clear
Attachment #268133 -
Attachment mime type: application/x-x509-ca-cert → application/x-x509-email-cert
Comment on attachment 268138 [details]
happier version of same certificate
selecting this version of the certificate with firefox yields an import dialog that doesn't tell me the certificate has expired (details does, but why would i view details?!)
Comment 4•17 years ago
|
||
Timeless, please attach a screen shot of the lousy minefield error dialog.
Comment 6•17 years ago
|
||
That message is known as "NotImportingUnverifiedCert" and is output in two places: in nsNSSCertificateDB::ImportEmailCertificate and in nsNSSCertificateDB::ImportValidCACertsInList both in security/manager/ssl/src/nsNSSCertificateDB.cpp They were added a year ago, in response to bug 176507 and bug 310446. The dialog occurs for each cert in the import list cannot be verified. As with all security error UI decisions, there was the struggle between people who (like me) think an error message should tell you enough to know such things as (a) what cert had the problem, and (b) what the specific problem was, and people who think that errors should be dumbed down about as much as possible and avoid giving the user details. I would like very much to see this dialog tell the user some aspect of the subject name in the cert, and the string for the specific error code. But thre are others who would like to see this silently ignored, or just a dialog that says "Some of the certs were not imported. [OK]" I guess PKI security is only good UI if people don't have to think about it. :(
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•