Closed Bug 763931 Opened 12 years ago Closed 12 years ago

SecReview: Expose TCP Socket - Investigate whether to handle cert errors in app or in a b2g system component

Categories

(mozilla.org :: Security Assurance, task)

Product:
mozilla.org
Component:
Security Assurance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: curtisk, Assigned: pauljt)

References

(
URL
)

Details

(Whiteboard: [action item])

SecReview Action Item bug Investigate whether to handle cert errors in app or in a b2g system component
TCPSocket uses existing necko code to create a socket: http://mxr.mozilla.org/mozilla-central/source/dom/network/src/TCPSocketChild.cpp#90 Just testing now to determine behavior when cert errors are experienced.
Certificate errors result in connection failure, and the onError function of the socket is fired. The user is not prompted at all. E.g. given the code below which connects to a socket listening with a self-signed cert, the error function will be called. function connectSockSSL() { sock = navigator.mozTCPSocket.open('127.0.0.1', '7778', { binaryType: 'arraybuffer',useSSL:true }); sock.onopen = open; sock.ondrain = null; sock.ondata = log sock.onerror = error sock.onclose = log }
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.