Closed Bug 744945 Opened 12 years ago Closed 12 years ago

Optionally allow Firefox to define its own SSL error behaviour (only if Firefox wants to override the default "prompts=never" and "logging=enabled")

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Version:
17 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: KaiE, Unassigned)

References

Details

Attachments

(1 file, 1 obsolete file)

Patch v2 - illustrative, optional
3.34 KB, patch
Details | Diff | Splinter Review 
The Mozilla platform code provides a fallback mechanism that will show an error notification prompt when an error on an SSL socket occurrs, and no error handling exists that suppresses the prompt.

But 682329 introduces a mechanism for an application to override the default fallback behaviour.

Firefox might want to explicitly define its own default strategy.

I understand the default strategy should be either
  nsISSLErrorPromptFallback::BHV_DETECT_DOCSHELL
or
  nsISSLErrorPromptFallback::BHV_PROMPT_SUPPRESS

This bug suggests that the Firefox product owner makes a decision
and provides an implementation of nsISSLErrorPromptFallback
for contract "@mozilla.org/nsSSLErrorPromptFallback;1".
Attached patch Patch (obsolete) — Splinter Review 
Assignee: nobody → kaie

        Attachment #614554 -
        Flags: superreview?(bzbarsky)

        Attachment #614554 -
        Flags: review?(honzab.moz)

    
    

    
  
Comment on attachment 614554 [details] [diff] [review]
Patch

sr=me

        Attachment #614554 -
        Flags: superreview?(bzbarsky) → superreview+

    
    

    
  
This patch will become unnecessary, if Mozilla decides that the prompts will be disabled by default (as in the most recent propsal in bug 682329 patch v8).
Depends on: 682329

    
    

    
  
Comment on attachment 614554 [details] [diff] [review]
Patch

For now releasing the review, but still on my radar, we may use some modification of this patch.

        Attachment #614554 -
        Flags: review?(honzab.moz)

    
    

    
  
It sounds like this is WONTFIX/INVALID now, per comment 3?

    
  
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE

    
    

    
  
reopening
Status: RESOLVED → REOPENED
Depends on: 785426
Resolution: INCOMPLETE → ---

    
  
Summary: Define Firefox's default fallback behaviour for SSL error prompts → Always supporess all SSL error prompts in Firefox's

    
  
Summary: Always supporess all SSL error prompts in Firefox's → Always suppress all SSL error prompts in Firefox's

    
    

    
  
This already was resolved and the dispute about it went all the way up to Brendan. AFAICT, that's the end of the road.
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → INVALID

    
    

    
  
I'm the module owner, and the solution here is appropriate.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---

    
  
Summary: Always suppress all SSL error prompts in Firefox's → Optionally allow Firefox to define its own SSL error behaviour (only if Firefox wants to override the default "prompts=never" and "logging=enabled")

    
  
Severity: major → enhancement
Target Milestone: Firefox 14 → ---
Version: 14 Branch → 17 Branch

    
    

    
  


  
completely optional patch for illustrative purposes

        Attachment #614554 -
        Attachment is obsolete: true

    
  
Assignee: kaie → nobody
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → WONTFIX

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: