Closed Bug 522780 Opened 15 years ago Closed 15 years ago

Improve description of untrusted certificate case when overriding

Categories

(Camino Graveyard :: Security, defect)

All
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
Camino2.1

People

(Reporter: stuart.morgan+bugzilla, Assigned: alqahira)

Attachments

(1 file)

Split from bug 490188 comment 2
> The phrase in bug 453075 comment 3 ("not verified by a recognized authority")
> is just the text Firefox uses for the untrusted case that we use a more generic
> text (our InvalidCertMessageFormat) for.
> [...]
> we should [...] change our text post-2.0 to be more specific in the
> untrusted case.
This is the error that Ilya's site returned this morning. The error page reports: The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) But the exception UI has vague "could not be verified" and the cert view UI has "is not trusted". Indeed, the "VeriSign Class 3 Secure Server CA" does not appear in the list of CAs.
Assignee: nobody → alqahira
Version: Trunk → unspecified
Stuart, we currently use that string for two cases: "untrusted" http://mxr.mozilla.org/camino/source/camino/src/security/BrowserSecurityDialogs.mm#326 and a fallback http://mxr.mozilla.org/camino/source/camino/src/security/BrowserSecurityDialogs.mm#337 Do we want to leave InvalidCertMessageFormat for the fallback case, and write a new string for the more specific "untrusted" case ("not verified by a recognized authority" or whatever text we want)? I don't know if there are more cases than the three we have defined and the fallback is a fallback for those other cases, or if there are only three cases and this is a fallback for "somehow we didn't get any error flags", so let's just say it's untrusted--although I suppose either way it's better to just say "could not be verified" rather than erroneously claim it's because of an unknown/untrusted CA.
I don't remember which it is any more, but my comment sounds like I had decided it was just those cases, so we should in fact add a new, more specific string for untrusted.
Attached patch: Fix, v1.0
I attempted to go with a more friendly version of the Firefox string, explaining a little more to the user what was going on. I'm not sure if I succeeded or not. We could also s/trusted/recognized/, but I chose "trusted" because NSS for whatever reasons includes ("recognizes") some CAs that aren't trusted (untrusted, expired, can't be verified). I went with "Certificate Authority" because 1) we use that language elsewhere in the UI and 2) what in the heck is a "recognized authority"? "authority" on what? "recognized" by whom? Ditto part 2 above on the inclusion of "Camino" in the string.
Attachment #459300 - Flags: superreview?(stuart.morgan+bugzilla)
Comment on attachment 459300 (Fix, v1.0)
sr=smorgan
Attachment #459300 - Flags: superreview?(stuart.morgan+bugzilla) → superreview+
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED