Closed Bug 425136 Opened 16 years ago Closed 14 years ago

Need UI to handle web server certificate problems

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 545556
Milestone:
Future

People

(Reporter: iav, Unassigned)

Details

(Keywords: helpwanted, uiwanted, Whiteboard: [wontfix?]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5pre) Gecko/2008032505 Minefield/3.0b5pre
Build Identifier: 

Need some user interface to warn about SSL problems and handle some of it.
Now there no mechanism to know about bad or changed certificate, no possibility to add to exclusion list self-signed certificate of server.

Reproducible: Always
Targeting for 0.2 (P2).
Unclear what the desired UI for this is.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: helpwanted, uiwanted
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: 0.1 → 0.2
Blocks: 433899
not going to make 0.2, reassigning to 0.3.  we should document the workaround and include in a release note.
No longer blocks: 433899
Target Milestone: 0.2 → 0.3
I'm not sure if that really should be implemented.

The recommended way to handle this is to create your own CA and sign your certificate with it.  Then important your CA into Firefox (Preferences -> Advanced -> Encryption -> View Certificates -> Authorities -> Import; select the crt file and check "This certificate can identify web sites").  After that Firefox will gladly accept your certificate.
Currently Weave will fail silently if you use your own server with a self-signed cert.  The solutions (either adding an exception for the cert, or adding a CA to Firefox as comment #3 suggests) work fine, but they need to be suggested somewhere.

I would be OK with a minimal solution for this bug (just warning of the problem with some explanation of how to solve it).
If weave is using xmlhttprequests then Fx3 provides a method to ignore SSL certificate errors. 
Fx2 does not, but handles it by some other method.
Wonder if Fx2 would even be target app. when Weave goes 1.0
These bugs need to be triaged, removing 0.3 milestone setting.
Target Milestone: 0.3 → Future
Component: Weave → General
Product: Mozilla Labs → Weave
QA Contact: weave → general
We are not going to ignore SSL certificate errors silently.  I think that I'm okay with documenting a workaround for people wanting to use a self-signed cert:

Advanced->Encryption->View Certificates->Add Exception

Strongly recommend WONTFIX here, building UI for this case feels like it's a lot of work for a corner case.
Component: General → Sync
QA Contact: general → sync
Whiteboard: [wontfix?]
Then, at least, add descriptive error message into the log? Makes possible to google wiki page with solution (open url with broswer and add exclusion here will be much more suitable).
In Weave 0.7 & Firefox 3.5 every time after new install I have the problem with certificates.
When syncing weave founds very old certificates (self-signed) that I didn't use anymore, but they show the warning (screenshot http://imagebin.ca/view/FOVDcpvO.html) for each certificate more than one times (the window have only Cancel button, I press it and firefox shows me this message again, very often - 2-50 time per session!!)
And this messages repeats again each session, while I open the site with certificate and correctly confirm firefox security exception.

And, I think, we need a tool to clear old certificates from Weave user database.
Duping forward to Bug 545556, since there's a bunch of different things, and I think that bug sums up the path we want to take here.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Removing priority from a duped bug.
Priority: P2 → --
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.