Closed Bug 484990 Opened 16 years ago Closed 9 years ago

error message should not talk about "the authenticity of the received data" when the server blames the user

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: timeless, Unassigned)

References

(
URL
)

Details

steps: 1. create an account w/ startssl 2. let it expire 3. try to log in again actual results: Secure Connection Failed An error occurred during a connection to www.startssl.com. SSL peer rejected your certificate as expired. (Error code: ssl_error_expired_cert_alert) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem. expected results: since it's my fault (it's my cert that expired) and psm should know this, it shouldn't tell me that the received data couldn't be authenticated, the problem was that my sent data wasn't accepted.
NSS/PSM are right, they clearly state what happened. The phrase about authenticity is a general catch-all phrase meant to elaborate. I think your point is to avoid inappropriate catch-all phrases or find better ones.
string lives in mozilla/locales/en-US/chrome/netError.dtd and I believe is duplicated in two other app specific directories
Assignee: kaie → nobody
I think we should look at changing the psm string too (assuming we can find something that is suitably generic for PSM's consumers): http://mxr.mozilla.org/mozilla-central/source/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties This won't make FF3.5/Gecko 1.9.1 since we are post-string-freeze.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.