Closed
Bug 476014
Opened 15 years ago
Closed 15 years ago
ssl errors presented as alert rather than xul message
Categories
(Firefox :: Security, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 457021
People
(Reporter: tpowell, Unassigned)
Details
Attachments
(1 file)
35.79 KB,
image/png
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 I'm getting an alert box rather than the xul window for self signed certs (and all ssl errors) For errors with embedded html (host name vs cert mismatch) I see raw html rather than rendered html. Reproducible: Always Steps to Reproduce: From a clean 2008 install 1) I installed and then started apache 2.0.59 (likely breaks with others) with a self signed cert with something other than localhost as the name. 2) I downloaded and installed the firefox version listed above from getfirefox.net 3) in the fresh firefox that opens after install, I tried going to localhost Actual Results: I got an alert box titled "Alert" containing: localhost:443 uses an invalid security certificate. The certificate is not trusted because it is self signed. The certificate is only valid for <a id="cert_domain_link" title="win2008.xxxx.com">win2008.xxxx.com</a> (Error code: sec_error_ca_cert_invalid) Expected Results: An xul page containing the above (and the html to be rendered rather than seeing the raw html) I do see the proper xul message on the same version of firefox I have on an XP machine that has been upgraded ever since the 3.0 RCs so it is either the 2008 or the fresh install that is causing the problem. This also happens for just a normal self signed cert message, but there's no raw html in that alert box. The lack of the xul page means that there is no way to accept the cert. You must use some other tool to download it before you can manually import it.
Reporter | ||
Comment 1•15 years ago
|
||
The dns is blotted out because it is not actually valid and I didn't want it to be mistaken for a repro site.
Updated•15 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•