Closed Bug 447047 Opened 14 years ago Closed 3 years ago

"AUS: Update XML File Malformed (200)" when updating with SSL/TLS disabled.

Categories

(Toolkit :: Application Update, defect, P3)

defect

Tracking

()

RESOLVED WONTFIX

People

(Reporter: hasham8888, Unassigned)

Details

(Whiteboard: Expected results in comment 1)

Attachments

(1 file)

When SSL and TLS is disabled, and Firefox update is run, " AUS: Update XML File Malformed (200) " message is displayed and update won't run. 

STR:
1) Disable SSL and TLS in options/preferences.
2) Try to update Firefox.

Actual Results:
Won't update.

Expected Results:
Should update.
You should change the expected Results.
The Update runs over https and without SSL an update isn't possible.
Do silently nothing is bad because the user thinks that FF will update

Expected Results should be :
An error message should appear "Auto-update impossible because SSL is disabled. Either disable the Auto-Update or enable SSL"
Component: General → Software Update
QA Contact: general → software.update
Ah, thanks, Matt. I'll comment in the whiteboard to look for expected results in comment #1.
Whiteboard: Expected results in comment 1
Product: Firefox → Toolkit
This causes
onError: request.status = 2153394156

and we fallback to the 200 error
Attached patch patch rev1Splinter Review
Boriss, can I get a ur-r from you on this?

I think some of these errors messages could do with a good once over but not as part of this bug. I believe this new error message for the case when SSL is disabled is consistent with the phrasing of the other error messages.

Though it isn't obvious that just enabling TLS is an option I don't think TLS is as widely known as SSL is and just enabling SSL will also fix this error.

I don't believe we should suggest disabling automatic updates as an option.

btw: from what I've read it is possible that the site itself might cause this error though it is extremely unlikely especially with our servers.
Assignee: nobody → robert.bugzilla
Status: NEW → ASSIGNED
Attachment #335858 - Flags: ui-review?(jboriss)
(In reply to comment #4)
> Created an attachment (id=335858) [details]
> patch rev1
> 
> Boriss, can I get a ur-r from you on this?

I'm worried the current phrasing says SSL is disabled but doesn't tell the user why that's relevant.  How about:

"Auto-update failed because SSL is disabled (Please enable SSL in Preferences/Encryption or contact your Administrator)"
Attachment #335858 - Flags: ui-review?(jboriss)
This will need to be one-off'd since the current code doesn't replace strings in error messages and the name for the menu item is Options on Windows and Preferences on Mac and Linux. I'm also hesitant to specify Encryption since the placement in preferences is app specific... for that matter an app can choose to leave it out altogether but in that case the app or the user would have had to go out of their way to disable SSL and I'm less concerned about that specific case. We are also removing the "contact your administrator" so how about:

Update failed because SSL is disabled (Please enable SSL in %S)
(In reply to comment #6)
>...
> Update failed because SSL is disabled (Please enable SSL in %S)
with %S replaced by either options or preferences.
(In reply to comment #7)
> (In reply to comment #6)
> >...
> > Update failed because SSL is disabled (Please enable SSL in %S)
> with %S replaced by either options or preferences.
bah... just noticed that we are also making case changes so it would be
(please enable SSL in %S)

Also, any preference on the case of O|options / P|prefernces?
It's unlikely that I will get to work on this in the next two weeks, so unassigning myself for now.
Assignee: robert.strong.bugs → nobody
No assignee, updating the status.
Status: ASSIGNED → NEW
No assignee, updating the status.
No assignee, updating the status.
No assignee, updating the status.
Priority: -- → P3

We notify the client that they should manually update which I think is acceptable for this edgecase.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.