Padlock icon showing mixed or unlocked for secure sites, no security warning message when entering site




Security: PSM
18 years ago
10 years ago


(Reporter: cheng, Assigned: Judson Valeski)


1.0 Branch
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [nsbeta2-], URL)


(1 attachment)



18 years ago
For two sites that I frequently access:

Mozilla always show the padlock icon with a red line through it. When I clicked
on the icon, PSM says that the site does not support authentication or
encryption. I don't know of other sites with the same problem. I can access
these sites fine with Netscape 4.73 just fine, and Netscape 4.73 says that the
site's certificates and encryption are just fine.

Comment 1

18 years ago
setting bug status to New
Ever confirmed: true

Comment 2

18 years ago
Assigning to dougt. There does not appear to be any insecure content on
Assignee: lord → dougt
QA Contact: lord → junruh
Summary: Padlock icon not showing secure for secure sites → Padlock icon showing mixed for secure sites

Comment 3

18 years ago
Reassigning all https/cartman/security bugs to valeski.  He will be finding new 
owner(s).  This shift is so that I can focus on embedding issues.  If the new 
owner has questions that can not be resovled, I may be able to lend a (quick) 

over to valeski....
Assignee: dougt → valeski


18 years ago
Keywords: nsbeta2
OS: Linux → All
Hardware: PC → All
Version: 1.1 → 1.2

Comment 4

18 years ago
Putting on [NEED INFO] radar. PDT needs to know impact to user and risk of fix 
to make a call on this bug. Can we get this tested with the latest builds and 
get and updated status on this problem.
Whiteboard: [NEED INFO]

Comment 5

18 years ago
This is still happening with today's builds. The impact to the user is that he 
can get the impression that entering his password to login to his bank account 
is insecure, even though the site really is secure. 

Also, if you click on the lock icon, you can read "The web site does not support authentication for the page you are 
viewing." This is incorrect. It should say "The web site 
supports authentication  for the
 page you are viewing. The identity of this web site has been verified by
 OU=Secure Server Certification Authority, O="RSA Data Security, Inc.",
 C=US, a certificate authority you trust for this purpose. "

Comment 6

18 years ago
Putting on [nsbeta2-] radar. Not critical to beta2.  Adding "nsbeta3" keyword 
for consideration of a fix for that milestone. 
Keywords: nsbeta3
Whiteboard: [NEED INFO] → [nsbeta2-]

Comment 7

18 years ago
this is still valid on 2000-070220. What's more - i suspect the output is right
about the transaction being insecure - i couldn't see the usual psm processes
running with a ps -ef
What indicates it's a secure transaction at all? All output indiactes the
contrary. I wouldn't dare use this one for my bank transactions currently.

This is the info i get from PSM:

Web Site Identity Not Verified
The web site does not support authentication for the page you are
viewing. Without authentication, the origin of information sent over the
Internet cannot be verified. Connection

Not Encrypted
The web site does not support encryption for the page you are
viewing. Information sent over the Internet without encryption can be seen by
other people while it is in transit.

Comment 8

18 years ago
I just checked on 2000070120, and I can certainly see the psm processes
running.  What's more is that the page took extremely long to load, just like
any other encrypted page.  And it seems to me that it is probably encrypted...

Comment 9

18 years ago
An interesting note:  when I log out of the banking site, I got to the page at:

and if you click on the padlock it shows that everything is encrypted.


18 years ago
Blocks: 31344

Comment 10

18 years ago
Could this be an instance of bug 45337 ?

Comment 11

18 years ago
on the order page for , there is no popup
message telling the user that the site is secure, plus the padlock icon does not
change at all. but if you hit continue w/o entering more info, the error page
does show up w/ the right security padlock, still no "this site is secure" popup
message though. This is on a cvs Linux build from 0720. exhibits that red cross behavior.
Summary: Padlock icon showing mixed for secure sites → Padlock icon showing mixed or unlocked for secure sites, no security warning message when entering site

Comment 12

18 years ago
This also occurs on
I have confirmed this is caused by bug 45337.
Depends on: 45337


18 years ago
Depends on: 46739

Comment 13

18 years ago
another problem is that we are check the flags on flag_is_request not
flag_is_network.  I am attaching a diff which will fix some of the problems.

Comment 14

18 years ago
Created attachment 12175 [details] [diff] [review]
fixes flag_is_request checks


18 years ago
Blocks: 18687


18 years ago
No longer depends on: 46739


18 years ago
Blocks: 48444

Comment 15

18 years ago
Worksforme now.
Last Resolved: 18 years ago
Resolution: --- → WORKSFORME


18 years ago

Comment 16

18 years ago
Verified with the 081804 Win32 and Linux builds.


14 years ago
Component: Security: PSM → Security: PSM
Product: PSM → Core


10 years ago
Version: psm1.2 → 1.0 Branch
You need to log in before you can comment on or make changes to this bug.