Closed Bug 497488 Opened 15 years ago Closed 8 years ago

RSS feeds with an invalid certificate fail with a misleading 'url could not be found' error, work if a certificate security exception is added manually

Categories

(MailNews Core :: Feed Reader, defect)

Product:
MailNews Core
Component:
Feed Reader
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 52.0

People

(Reporter: kidnapper, Assigned: alta88)

References

(Depends on 2 open bugs,
URL
)

Details

(Whiteboard: [psm-cert-exceptions][duptome])

Attachments

(3 files, 6 obsolete files)

feedCertificate.patch
17.31 KB, patch
alta88
: review+
Details | Diff | Splinter Review
suiteString.patch
2.58 KB, patch
alta88
: review+
Details | Diff | Splinter Review
feedVerify.patch
18.72 KB, patch
alta88
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; hu-HU; rv:1.9.1b4) Gecko/20090427 Fedora/3.5-0.20.beta4.fc11 Firefox/3.5b4
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Thunderbird/3.0b2

If I would like to subscribe to an RSS feed, which is based on HTTPS and the Cert has problems (sec_error_untrusted_issuer), then a new window will pop up, where are two options:
- view the cert
- cancel

there is no accept cert button.

Reproducible: Always

Steps to Reproduce:
1. RSS Subscriptions
2. Add
3. URL: https://bash.hu/rss for example
Actual Results:  
The described window pops up.

Expected Results:  
There could be an accept cert button.

The workaround could be, that at the Main settings I add the invalid cert manually to the accepted certs list, but this is a big overhead for a regular user I guess. It should be simplier.
Confirming Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090609 Shredder/3.0b3pre -
Status: UNCONFIRMED → NEW
Component: Account Manager → Feed Reader
Ever confirmed: true
Flags: wanted-thunderbird3?
OS: Linux → All
Product: Thunderbird → MailNews Core
QA Contact: account-manager → feed.reader
Hardware: x86_64 → All
Version: unspecified → 1.9.1 Branch
What's the state of this bug? I would really love to read RSS's with TB..
Also there is a same (wrong) handling of certifications, when the html e-mail is containing pictures from an invalid-cert HTTPS page.
Whiteboard: [psm-cert-exceptions]
kaie, is there anything actionable we can do to move this bug forward?
Version: 1.9.1 Branch → Trunk
Depends on: 528922
I suspect that bug 493980 may hold the key to this, as its very likely we're doing a similar thing here (i.e. looking at RSS feed in the background and not supplying a window or something like that).
A user should be able to manually add an override, if desired.

preferences / advanced / certificates / view / servers / add exception

A dialog opens, as Location enter
  https://bash.hu/rss

Look at the report, and if desired, you may confirm a permanent security exception.

After you did the above, you should be able to connect.
(In reply to comment #5)

> After you did the above, you should be able to connect.

confirming that the exception works that way.
Whiteboard: [psm-cert-exceptions] → [psm-cert-exceptions][duptome]
Flags: wanted-thunderbird3? → wanted-thunderbird+
This bug is still present.

It would be even a great improvement to change the error message to something that explains the actual error.
The real problem is the misleading error for a certificate/security exception. It would be easy enough to cut/paste the code in bug 866924 comment 1 but it would be much nicer to use the api if/when it lands.
Depends on: 866924
Summary: Can't subscribe to an RSS with invalid certificate → RSS feeds with an invalid certificate fail with a misleading 'url could not be found' error, work if a certificate security exception is added manually
This patch increases granularity of http error messages, fixes misleading no auth/bad certificate messages, and creates a better ergonomic for user exceptions to overridable security certificate errors.

In the subscribe dialog:
1) immediate feedback when a bad cert feed url is subscribed.
2) for bad certs, display an Add Exception button to open the Security Exception dialog.
3) for existing feed urls, enable the Update button to perform verification to check if the url still works.
Attached patch feedCertificate.patch (obsolete) — Splinter Review 
Assignee: nobody → alta88

        Attachment #8794999 -
        Flags: review?(mkmelin+mozilla)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        feedVerify.patch (obsolete)
        — Splinter Review
      

    


  

        Attachment #8795001 -
        Flags: review?(mkmelin+mozilla)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        feedVerify.patch (obsolete)
        — Splinter Review
      

    


  
skip item invalidation in non parse/store mode.

        Attachment #8795001 -
        Attachment is obsolete: true

        Attachment #8795001 -
        Flags: review?(mkmelin+mozilla)

        Attachment #8795020 -
        Flags: review?(mkmelin+mozilla)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        feedVerify.patch (obsolete)
        — Splinter Review
      

    


  
tweaks for better ui feedback on verify.

        Attachment #8795020 -
        Attachment is obsolete: true

        Attachment #8795020 -
        Flags: review?(mkmelin+mozilla)

        Attachment #8796889 -
        Flags: review?(mkmelin+mozilla)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        suiteString.patch (obsolete)
        — Splinter Review
      

    


  

    
    

    
  
Comment on attachment 8794999 [details] [diff] [review]
feedCertificate.patch

Review of attachment 8794999 [details] [diff] [review]:
-----------------------------------------------------------------

::: mail/locales/en-US/chrome/messenger-newsblog/newsblog.properties
@@ +67,5 @@
>  newsblog-networkError=%S could not be found. Please check the name and try again.
>  ## LOCALIZATION NOTE(newsblog-feedNotValid): %S is the feed URL
>  newsblog-feedNotValid=%S is not a valid feed.
> +## LOCALIZATION NOTE(newsblog-badCertError): %S is the feed URL host
> +newsblog-badCertError=%S uses an invalid security certificate; user exception required.

I'd remove the "; user exception required." part

::: mailnews/extensions/newsblog/content/Feed.js
@@ +230,5 @@
>        }
> +      else {
> +        let [errType, errName] = FeedUtils.createTCPErrorFromFailedXHR(request);
> +        FeedUtils.log.info("Feed.onDownloaded: request errType:errName:statusCode - " +
> +                           errType+":"+errName+":"+request.status);

nit: spaces around plusses

        Attachment #8794999 -
        Flags: review?(mkmelin+mozilla) → review+

        Attachment #8796889 -
        Flags: review?(mkmelin+mozilla) → review+

    
    

    
  


  
updated.

        Attachment #8794999 -
        Attachment is obsolete: true

        Attachment #8800614 -
        Flags: review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        suiteString.patch (obsolete)
        — Splinter Review
      

    


  
for suite.

        Attachment #8796964 -
        Attachment is obsolete: true

        Attachment #8800615 -
        Flags: review?(ewong)

    
    

    
  
string ping?

    
    

    
  
Comment on attachment 8800615 [details] [diff] [review]
suiteString.patch

># HG changeset patch
># Parent  109f8303a81d8c21c320fb8e347b5f1cd989136a
>Bug 497488 - RSS feeds with an invalid certificate fail with a misleading 'url could not be found' error, work if a certificate security exception is added manuall
>
>diff --git a/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties b/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties
>--- a/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties
>+++ b/suite/locales/en-US/chrome/mailnews/newsblog/newsblog.properties
>@@ -9,16 +9,18 @@ subscribe-feedAlreadySubscribed=You alre
> subscribe-errorOpeningFile=Could not open the file.
> subscribe-feedAdded=Feed added.
> subscribe-feedUpdated=Feed updated.
> subscribe-feedMoved=Feed subscription moved.
> subscribe-feedCopied=Feed subscription copied.
> subscribe-feedRemoved=Feed unsubscribed.
> subscribe-feedNotValid=The Feed URL is not a valid feed.
> subscribe-networkError=The Feed URL could not be found. Please check the name and try again.
>+subscribe-noAuthError=The Feed URL is not authorized.
>+subscribe-feedVerified=The Feed URL has been verified.
> subscribe-loading=Loading, please waitâ¦
Nit: could the "subscribe-feedVerified" entity be moved to just after the other "subscribe-feed*" entities?
r/a=me with that fixed.

        Attachment #8800615 -
        Flags: review?(ewong) → review+

    
    

    
  


  

        Attachment #8800615 -
        Attachment is obsolete: true

        Attachment #8802255 -
        Flags: review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        feedVerify.patchSplinter Review
      

    


  

        Attachment #8796889 -
        Attachment is obsolete: true

        Attachment #8802256 -
        Flags: review+

    
    

    
  
feedCertificate.patch should be applied first, thanks.
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 52.0

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: