Closed
Bug 405289
Opened 17 years ago
Closed 17 years ago
Exception dialog needs to support cert across different ports
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mimecuvalo, Assigned: KaiE)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007112405 Minefield/3.0b2pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007112405 Minefield/3.0b2pre
When opening sockets my extension would be able to add exceptions that would apply across different ports (and servers I believe for that matter). Now, I think you guys have done a fantastic job with the new security improvements but it now restricts the exception to be valid for only a certain port.
The way FTP works, for those unfamiliar, you have the control connection on port 21 but the data connections are opened on various ports that are chosen dynamically at runtime.
So, I can bother the user to add an exception for the control connection, that's fine - but I can't have the user approve every single new port for every single transfer.
Reproducible: Always
Steps to Reproduce:
1. Install Filezilla FTP server on your machine.
2. Set it up and enable SSL/TLS support using Generate New Certificate... to create a self-signed cert.
3. Install the latest developer version of the FireFTP extension: http://nightlight.ws/fireftp.xpi
4. Create an account to connect to the localhost server with AUTH TLS enabled (under the Connections tab).
5. When connecting you will go through the exception dialog to add the cert.
6. The cert will be only valid for the control connection (on port 21).
7. That sucks :)
Comment 1 • 17 years ago (Reporter)
And actually, if I could expand this bug, there is also the issue that the domain name and the IP address of a site are considered to be two different things as well. So, a site which throws the invalid security error like:
https://www.kuix.de
and its matching IP:
https://212.227.62.41
have to be separately approved. The same is true for FTP here - I approve the domain name but then I start opening sockets to certain IP addresses.
Updated • 17 years ago (Reporter)
Summary: Exception dialog needs to support cert across different ports → Exception dialog needs to support cert across different ports (and domain/IP address)
Comment 2 • 17 years ago
You've got a point with your initial comments about the ports, nominating for consideration.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9?
Comment 3 • 17 years ago (Reporter)
FWIW, I tried working around this issue by programmatically doing importServerCertificate but it interestingly produces the same problem. In the UI it lists '*' for the server which would in theory make it valid for any server/port combo.
Comment 4 • 17 years ago
Please file a separate ("depends on") enhancement bug about the IP address, it's not as clear-cut a case and in fact I'm pretty dubious about it.
Summary: Exception dialog needs to support cert across different ports (and domain/IP address) → Exception dialog needs to support cert across different ports
Comment 5 • 17 years ago (Assignee)
Comment 6 • 17 years ago (Assignee)
resolving as WONTFIX.
please reopen if you disagree.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
Comment 7 • 17 years ago (Assignee)
Reason for my WONTFIX proposal:
- the reporter was able to work around the original issue, see his comments in bug 405514
- I believe the "need two ports" is an edge case, and should be worked around by the specific application scenario.
Updated • 8 years ago
Product: Core → Core Graveyard
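A simplified model of the behaviour discussed in this bug, added here as an illustration; it is not Firefox's certificate override code and not the reporter's workaround from bug 405514. All class and function names, the host, the address and the fingerprints are hypothetical or constructed: the store keys each exception on host:port, and an application-level pin accepts an FTP data connection only when it presents the exact certificate the user approved on the control connection.

```javascript
// Model (assumption): exceptions are stored per "host:port" together with
// the fingerprint of the certificate the user approved in the dialog.
class OverrideStore {
  constructor() { this.entries = new Map(); }
  add(host, port, fingerprint) {
    this.entries.set(`${host.toLowerCase()}:${port}`, fingerprint);
  }
  isTrusted(host, port, fingerprint) {
    return this.entries.get(`${host.toLowerCase()}:${port}`) === fingerprint;
  }
}

// Hypothetical application-level pin for one FTP session. It never widens
// the store: it only remembers which certificate the user approved for the
// control connection and requires data connections to present the same one.
class FtpSessionPin {
  constructor(store, host, port = 21) {
    this.store = store; this.host = host; this.port = port; this.pinned = null;
  }
  pinFromControl(fingerprint) {
    if (!this.store.isTrusted(this.host, this.port, fingerprint)) return false;
    this.pinned = fingerprint;
    return true;
  }
  allowData(fingerprint) {
    // Fails closed: no pin, or any other certificate, is rejected.
    return this.pinned !== null && fingerprint === this.pinned;
  }
}

function demo() {
  // Constructed sample values, not taken from the bug report.
  const SERVER_CERT = 'AA:11:22:33', OTHER_CERT = 'BB:44:55:66';
  const store = new OverrideStore();
  store.add('ftp.example.test', 21, SERVER_CERT); // user approves the dialog once
  const pin = new FtpSessionPin(store, 'ftp.example.test');
  return {
    control: pin.pinFromControl(SERVER_CERT),                               // true
    storeDataPort: store.isTrusted('ftp.example.test', 50123, SERVER_CERT), // false
    storeByAddress: store.isTrusted('192.0.2.10', 21, SERVER_CERT),         // false
    pinSameCert: pin.allowData(SERVER_CERT),                                // true
    pinOtherCert: pin.allowData(OTHER_CERT),                                // false
  };
}

console.log(demo());
```

The pin lives only as long as the session object, so a certificate approved for one server is never accepted for another.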