Closed
Bug 478940
Opened 16 years ago
Closed 15 years ago
Allow users to deal with expired certificates
Categories
(Firefox for Android Graveyard :: General, defect)
Firefox for Android Graveyard
General
Tracking
(fennec1.0-)
VERIFIED
DUPLICATE
of bug 436076
| Tracking | Status | |
|---|---|---|
| fennec | 1.0- | --- |
People
(Reporter: madhava, Unassigned)
References
Details
Attachments
(1 file)
|
76.14 KB,
image/png
|
Details |
the certificate exception dialog in firefox
Right now, Fennec uses the pre-firefox 3.1 version of the warning page that comes up when a user encounters an expired certificate (the new design is more compact and more informative), so Fennec should use a (possibly modified) version of that.
Secondly, what happens when the user clicks through (i.e. accepts the risk) is that a dialog comes up that is (a) too big for the screen and (b) has been redesigned a bit for firefox 3.1 as well (it was too confusing before). This dialog has to be made fennec-friendly.
|
||
Comment 1•16 years ago
|
||
Do you mean invalid certs? Expired certs can't be overridden, since they could be revoked (CAs don't provide revocation data on expired certs).
|
Reporter | |
Comment 2•16 years ago
|
||
This is the dialog that I mentioned earlier that is too big.
|
||
Comment 3•16 years ago
|
||
(In reply to comment #0)
> Right now, Fennec uses the pre-firefox 3.1 version of the warning page that
> comes up when a user encounters an expired certificate (the new design is more
> compact and more informative), so Fennec should use a (possibly modified)
> version of that.
>
> Secondly, what happens when the user clicks through (i.e. accepts the risk) is
> that a dialog comes up that is (a) too big for the screen and (b) has been
> redesigned a bit for firefox 3.1 as well (it was too confusing before). This
> dialog has to be made fennec-friendly.
The bug that implemented the changes in Firefox 3.1 added support for other apps to override the certificate behaviour by implementing their own about:certerror page (bug 431826). Fennec isn't seeing that new page since it was implemented in Firefox, but you could implement your own about:certerror or just steal the Firefox version. Implementing your own page would allow you to change the presentation, you could even remove the launching of the exception dialog and add your own exceptions some other way, if you think that's the right decision for Fennec.
(In reply to comment #1)
> Do you mean invalid certs? Expired certs can't be overridden, since they could
> be revoked (CAs don't provide revocation data on expired certs).
It is certainly the case that most CAs don't keep revocation around indefinitely, but we do allow exceptions for expired certs, as well as domain mismatch, and untrusted issuer. We don't allow exceptions for a revoked cert. More generically, we allow exceptions when we don't know the answer affirmatively, and can't make the call for the user. Expiry is one of those cases.
|
||
Updated•16 years ago
|
tracking-fennec: --- → ?
|
|
||
Updated•16 years ago
|
tracking-fennec: ? → 1.0-
Flags: wanted-fennec1.0+
|
||
Comment 4•15 years ago
|
||
This is a duplicate of bug https://bugzilla.mozilla.org/show_bug.cgi?id=436076 because there's just more actual work going on there...and it's older.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•15 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•