Closed Bug 405289 Opened 17 years ago Closed 17 years ago

Exception dialog needs to support cert across different ports

Categories: Core Graveyard :: Security: UI
Type: defect
Priority: Not set
Severity: major
Tracking: Not tracked
Status: RESOLVED WONTFIX
Reporter: mimecuvalo
Assigned: KaiE

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007112405 Minefield/3.0b2pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007112405 Minefield/3.0b2pre

When opening sockets my extension would be able to add exceptions that would apply across different ports (and servers I believe for that matter).  Now, I think you guys have done a fantastic job with the new security improvements but it now restricts the exception to be valid for only a certain port.

The way FTP works, for those unfamiliar, you have the control connection on port 21 but the data connections are opened on various ports that are chosen dynamically at runtime.

So, I can bother the user to add an exception for the control connection, that's fine - but I can't have the user approve every single new port for every single transfer.

Reproducible: Always

Steps to Reproduce:
1. Install FileZilla FTP server on your machine.
2. Set it up and enable SSL/TLS support using Generate New Certificate... to create a self-signed cert.
3. Install the latest developer version of the FireFTP extension: http://nightlight.ws/fireftp.xpi
4. Create an account to connect to the localhost server with AUTH TLS enabled (under the Connections tab).
5. When connecting you will go through the exception dialog to add the cert.
6. The cert will be only valid for the control connection (on port 21).
7. That sucks :)

Depends on: 401575

And actually, if I could expand this bug, there is also the issue that the domain name and the IP address of a site are considered to be two different things as well. So, a site which throws the invalid security error like:
https://www.kuix.de
and its matching IP:
https://212.227.62.41

have to be separately approved. The same is true for FTP here - I approve the domain name but then I start opening sockets to certain IP addresses.

Summary: Exception dialog needs to support cert across different ports → Exception dialog needs to support cert across different ports (and domain/IP address)

You've got a point with your initial comments about the ports, nominating for consideration.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9?

FWIW, I tried working around this issue by programmatically doing importServerCertificate but it interestingly produces the same problem. In the UI it lists '*' for the server which would in theory make it valid for any server/port combo.

Please file a separate ("depends on") enhancement bug about the IP address, it's not as clear-cut a case and in fact I'm pretty dubious about it.

Summary: Exception dialog needs to support cert across different ports (and domain/IP address) → Exception dialog needs to support cert across different ports

Re comment 1 and comment 4, Mime filed separate bug 405514.

Resolving as WONTFIX.

Please reopen if you disagree.

Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX

Reason for my WONTFIX proposal:

- the reporter was able to work around the original issue, 
  see his comments in bug 405514

- I believe the "need two ports" is an edge case, and should be 
  worked around by the specific application scenario.
Product: Core → Core Graveyard
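
The scoping discussed in this bug, as an added example that is not Firefox or FireFTP code: a store that keys exceptions by exact host:port, next to one way an application could accept an FTPS data connection on a dynamic port only when it presents the very same certificate the user approved for the control connection. All class and function names and the sample certificate bytes are constructed for illustration, and this is not necessarily the workaround referred to in bug 405514.

```javascript
const crypto = require('crypto');

// SHA-256 fingerprint over the certificate bytes (DER in a real client).
const fingerprint = (der) => crypto.createHash('sha256').update(der).digest('hex');

// Exception store scoped the way this bug describes: one entry per host:port.
class PerPortStore {
  constructor() { this.entries = new Map(); }
  add(host, port, der) { this.entries.set(`${host}:${port}`, fingerprint(der)); }
  allows(host, port, der) {
    return this.entries.get(`${host}:${port}`) === fingerprint(der);
  }
}

// Hypothetical application-side session. It does not widen the stored exception;
// it only treats a data connection as covered when the peer presents the exact
// certificate already approved for this session's control connection.
class FtpsSession {
  constructor(store, host, controlPort) {
    this.store = store;
    this.host = host;
    this.controlPort = controlPort;
  }
  allowsData(dataPort, der) {
    if (this.store.allows(this.host, dataPort, der)) return 'exception';
    if (this.store.allows(this.host, this.controlPort, der)) return 'pinned-to-control';
    return 'rejected'; // a different cert on the data port is never accepted
  }
}

// Constructed stand-ins for two different self-signed certificates.
const SERVER_CERT = Buffer.from('constructed-self-signed-cert-A');
const OTHER_CERT = Buffer.from('constructed-self-signed-cert-B');

function demo() {
  const store = new PerPortStore();
  store.add('localhost', 21, SERVER_CERT); // user approved the control connection
  const session = new FtpsSession(store, 'localhost', 21);
  return {
    strictControl: store.allows('localhost', 21, SERVER_CERT),
    strictData: store.allows('localhost', 50123, SERVER_CERT), // dynamic data port
    strictByIp: store.allows('127.0.0.1', 21, SERVER_CERT),    // name vs. address
    dataSameCert: session.allowsData(50123, SERVER_CERT),
    dataOtherCert: session.allowsData(50123, OTHER_CERT),
  };
}
```

The port number 50123 is an arbitrary stand-in for a data port chosen at runtime.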