Clear site preferences does not clear permanent security certificate exception for the website

NEW
Assigned to

Status

()

--
enhancement
6 years ago
2 years ago

People

(Reporter: AdrianT, Assigned: manoj0011989)

Tracking

14 Branch
ARM
Android
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [lang=js][lang=java])

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 623107 [details]
logs

Firefox Native 14.0b1 build 3
Device: HTC Desire (Android 2.2)

Steps to reproduce:
1. Go to https://fisheye.last.fm
2. Add a permanent SSL Certificate Error.
3. Try to clear the website preferences. 

Expected results:
Since there is no certificate manager clearing the site preferences should clear the certificate exception.

Actual results:
The security certificate exceptions are not clear. Without a certificate manager clearing user settings should also clear the certificate since an exception is a "Site preference".
Clearing private data also does not remove exceptions.
This is basically a dupe of bug 436076.

Updated

6 years ago
Summary: Clear site preferences does not clear permanent security certificate exception for the website → Request for certificate management
Whiteboard: [14.0b1]

Updated

6 years ago
Severity: normal → enhancement
aaronmt: I think you've misunderstood this bug. It is not a request for a certificate management UI. It is saying that if you add an SSL cert exception for a site, and then "clear site preferences" for that site, it should clear the exception. Which, given that we now have a per-site preferences system (don't we?), I believe it should.

Gerv
Summary: Request for certificate management → Clear site preferences does not clear permanent security certificate exception for the website
We talked about adding this to the site settings dialog. I can mentor someone through that (or a different solution if we come up with one...)
Whiteboard: [14.0b1] → [mentor=wesj][lang=js][lang=java]
(Assignee)

Comment 4

5 years ago
Hi I am new to Mozilla. I would like to work on this.

manoji

Updated

5 years ago
Assignee: nobody → manoj0011989
Wes is there additional info that would be helpful?
Flags: needinfo?(wjohnston)
Sorry for the delay. First step is to get a build done. If you're still interested, have you done that? The instructions at https://wiki.mozilla.org/Mobile/Fennec/Android are long, but thorough. The rest of this is just me digging around to see how you could fix this. I wouldn't bother reading it until you've got a build going :)

This clear site settings dialog is handled in the PermissionsHelper:
http://mxr.mozilla.org/mozilla-central/source/mobile/android/chrome/content/PermissionsHelper.js#45

You'll need to add an object for the cert override, and specify some strings for it in the properties file:
http://mxr.mozilla.org/mozilla-central/source/mobile/android/locales/en-US/chrome/browser.properties

The next step will be to implement something in getPermission to handle checking if there is a cert override for this host/port:
http://mxr.mozilla.org/mozilla-central/source/mobile/android/chrome/content/PermissionsHelper.js#122

I think we can use this getAllOverrideHostsWithPorts function from the certOverrideService. We'll have to loop over all the overrides and see if any matchthis page
http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsICertOverrideService.idl#117

You can see some other examples of us getting and using the service here: http://mxr.mozilla.org/mozilla-central/source/mobile/android/chrome/content/exceptions.js#15

Finally, you'll need to actually clear the override when asked to. i.e. we'll have to special case this in here http://mxr.mozilla.org/mozilla-central/source/mobile/android/chrome/content/PermissionsHelper.js#152 and use the override service's clearValidityOverride method.

That's a bit vague of a braindump of what I think should work. Hollar if you need guidence on your way through it. And thanks!
Flags: needinfo?(wjohnston)
(Assignee)

Comment 7

5 years ago
Yes, very much interested . I built firefox thanks to some help form gcp . I will work on it this weekend , thanks for the info :).
Mentor: wjohnston
Whiteboard: [mentor=wesj][lang=js][lang=java] → [lang=js][lang=java]
Mentor: wjohnston2000
You need to log in before you can comment on or make changes to this bug.