Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 77431 - Edit button for Web Site certs shows wrong interface
: Edit button for Web Site certs shows wrong interface
need reporter & engineering feedback
Product: Core Graveyard
Classification: Graveyard
Component: Security: UI (show other bugs)
: 1.0 Branch
: x86 Windows NT
: P2 normal (vote)
: psm2.1
Assigned To: Rangan Sen
: ckritzer (gone)
Depends on: 64128
  Show dependency treegraph
Reported: 2001-04-24 15:31 PDT by Sean Cotter
Modified: 2016-09-27 13:03 PDT (History)
2 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---

edit web site cert trust interface (18.31 KB, image/jpeg)
2001-05-24 05:42 PDT, Ian McGreer
no flags Details
patch (5.63 KB, patch)
2001-08-03 14:26 PDT, Rangan Sen
no flags Details | Diff | Splinter Review
patch (10.29 KB, patch)
2001-08-07 10:35 PDT, Rangan Sen
no flags Details | Diff | Splinter Review
new patch (10.17 KB, patch)
2001-08-08 15:13 PDT, Rangan Sen
no flags Details | Diff | Splinter Review
patch to fix the title problem ... sorry I missed that (3.40 KB, patch)
2001-08-15 11:36 PDT, Rangan Sen
no flags Details | Diff | Splinter Review

Description Sean Cotter 2001-04-24 15:31:29 PDT
The Edit button for Web Site certs curently opens up the dialog for editing CA 
certs. Instead it should open a dialog box that looks like this:

This certificate:  [hostname from cert]
was issued by: [name of issuer]

[next sentence varies depending on trust for this cert's CA. If the CA is not 
trusted, it reads as follows:]

Because you do not trust the certificate authority that issued this certificate, 
you do not trust the authenticity of this certificate unless otherwise indicated 

[If the CA is trusted, it reads as follows:]

Because you trust the certificate authority that issued this certificate, you 
trust the authenticity of this certificate unless otherwise indicated here. 

Edit certificate trust settings:

[these are radio buttons]

x  Trust the authenticity of this certificate.
x  Do not trust the authenticity of this certificate.

[Edit... button] Edit certificate authority trust settings.

The help target for this dialog is ?edit_web_certs.

The above changes will bring this dialog into line with PSM 1.4. 


- should the window title for this and other cert edit windows be "Edit 
Certificate Settings" as in PSM 1.4? Currently the window title is the name of 
the cert.

- Do we want this dialog to reflect the cert chain graphically, along the lines 
of the new View window?
Comment 1 Sean Cotter 2001-04-26 09:52:24 PDT
Changed target to 2.0.
Comment 2 Ian McGreer 2001-05-24 05:41:43 PDT
Darn.  somehow in my last big checkin, I implemented this but missed some text.
 What I have says:

This certificate X was issued by Y.

Edit certificate trust settings

I'm missing the text about whether or not the issuer is trusted.  I will attach
a screenshot.

This is still a bug then.  We need to make a decision whether this is to be
fixed now or not.
Comment 3 Ian McGreer 2001-05-24 05:42:32 PDT
Created attachment 35949 [details]
edit web site cert trust interface
Comment 4 Ian McGreer 2001-05-24 05:43:32 PDT
(Oh yeah, just a note about that image; that really is a self-signed cert, I'm
not showing the wrong issuer :)
Comment 5 Sean Cotter 2001-05-29 14:42:18 PDT
Just to clarify, two things are still missing from this dialog:

- text above the radio buttons that varies according to trust state of cert

- Edit button labeled "Edit certificate authority trust settings"

The idea with the Edit button is that if you want to fix the CA trust settings,
you can do it from here, immediately, rather than navigating to the Authorities
panel. This button was present in PSM 1.x.

Also, the window title in the latest build is "Edit certificate trust". It's a
nit, but I would prefer "Edit certificate trust settings".
Comment 6 David P. Drinan 2001-05-31 14:49:54 PDT
Comment 7 David P. Drinan 2001-06-07 13:57:56 PDT

Is this almost done or is it a lot more work?
Comment 8 Stephane Saux 2001-06-22 17:19:52 PDT
Mass reassigning target to 2.1
Comment 9 Stephane Saux 2001-07-18 14:37:10 PDT
Comment 10 Stephane Saux 2001-07-25 22:46:49 PDT
removing nsenterprise keyword from PSM bugs with target milestone of future.
Comment 11 John Unruh 2001-08-01 12:08:29 PDT
Mass assigning QA to ckritzer.
Comment 12 Rangan Sen 2001-08-03 14:26:07 PDT
Created attachment 44624 [details] [diff] [review]
Comment 13 Rangan Sen 2001-08-07 10:34:31 PDT
Adding the window sizing and typo foxes as well - This patch fixes this bug, as
well as bug# 82887
Comment 14 Rangan Sen 2001-08-07 10:35:28 PDT
Created attachment 44944 [details] [diff] [review]
Comment 15 Javier Delgadillo 2001-08-07 10:59:30 PDT
A few comments:

1) On the following line: 
<script src="chrome://global/content/strres.js" />

add 'type="application/x-javascript"' inside the script tag.

2) Why is this block commented out?  Should it even be included?

+  if(cacert == null)
+  {
+     var editButton = document.getElementById('editca-button');
+  }

Fix 1, and you'll have r=javi
Comment 16 Rangan Sen 2001-08-08 15:13:37 PDT
Created attachment 45142 [details] [diff] [review]
new patch
Comment 17 Rangan Sen 2001-08-08 15:14:01 PDT
Done...Removed the commented part too. It was originally intended to hide the
'edit root ca' button' if root ca was unknown - I forgot to remove that later.
Comment 18 Joe Hewitt (gone) 2001-08-10 15:14:13 PDT
My only comment is that the id "explanations" is mispelled as "explainations"

Other than that, sr=hewitt
Comment 19 Rangan Sen 2001-08-10 17:19:51 PDT
Patch checked in.
I would also like to point out that the window, being persistent, remembers the
older value, and might show sizing issues first time, depending on the profile
used [bug# 94755]. This might be resized, though.
Comment 20 ckritzer (gone) 2001-08-15 07:27:04 PDT

1) The correct interface is being shown after clicking the [Edit] button for Web
Site cert(s) - the basic bug is fixed

2) The title of the Edit dialogue is still "Edit certificate trust" and not
"Edit certificate trust settings"

3) I need some assistance with getting a cert from a 'trusted authority'. I can
see the text in the "Edit certificate trust" dialogue which starts out with
"Because you do not trust the certificate authority...", but I need to check out
a trusted certificate authority to verify the text changes.

Any suggests?  Do we have an internal site which will do this?  Or perhaps the USPS?

Sean, are you happy with the text title in #2 above?  If not, we can hold this
bug open, or open a new bug.  Let me know.
Comment 21 Rangan Sen 2001-08-15 10:16:53 PDT
Regarding #3, one way to do that might be - go to - a
dialog for domain name mismatch would come up, and check on 'remember this cert
permanently'. CA for this cert is RSA, and that would be included in the list of
CA's available when Netscape6 is installed.
Comment 22 Sean Cotter 2001-08-15 10:23:29 PDT
To check the case where the web site cert is from a trusted authority, just
click "Edit CA trust" and select all three boxes. Next time you open the same
web site cert, you'll see the text for the trusted CA case.

I'm not so concerned about "settings" in the title name per se, but there are
two other issues that do concern me:

- "Edit trust settings" is the title for both this dialog (editing web site cert
trust settings) and the equivalent dialog for editing CA trust settings. I would
prefer to see these dialogs distinguished more clearly: "Edit web site
certificate trust settings" for this case and "Edit CA certificate trust
settings" for the other.

- The dialog opens to a huge size, with a bunch of white space above and below
the radio buttons. Surely this isn't necessary. The dialog can be resized by
hand to more reasonable dimensions without losing anything.

Both of these are relatively minor complaints that probably are less important
than other UI changes in progress. It's up to you whether to close this bug or
keep it open for a future release.
Comment 23 Rangan Sen 2001-08-15 10:57:54 PDT
The window sizing trouble [that the window is too long] is probably effect of
persistence and would vanish once a new profile is used [for now]. This issue
for editcert as well as deletecert windows is being addressed in bug# 95441. 
Comment 24 Rangan Sen 2001-08-15 11:36:06 PDT
Created attachment 45940 [details] [diff] [review]
patch to fix the title problem ... sorry I missed that
Comment 25 David P. Drinan 2001-08-15 11:47:25 PDT
Comment 26 Joe Hewitt (gone) 2001-08-15 14:44:48 PDT
Comment 27 ckritzer (gone) 2001-08-15 14:45:25 PDT
I'll verify this with tomorrow morning's builds...
Comment 28 Rangan Sen 2001-08-15 19:05:44 PDT
Patch Checked in. 
This would fix the window title problem. To get proper sized window, it would
still be needed to use fresh profile[for now, till we check in patch to bug#
95411]. Also, the 'Edit Web Site Cert' window still has a awkward layout [bug#
82887] - I do not have a fix for that yet.... 
Comment 29 ckritzer (gone) 2001-08-17 18:06:24 PDT
Okay, I noticed something else odd today...

Changing the state of the radio buttons seems to have no effect on the text
above it which starts either as "Because you trust the..." or "Because you don't
trust the...".  When the text indicates trust, changing the radio button to
'trust' and selecting the [OK] button will not change the state of the text when
you open the edit window back up again.

What *does* seem to make a difference (whether you change the radio button or
not) is when you change the state of the checkboxes in the "Edit Certificate
trust" window (turn them all off or one/all on).  When all checkboxes are
unchecked, the text changes to "don't trust" & when one or more checkboxes are
checked, the text will change to "trust"
Comment 30 Rangan Sen 2001-08-21 12:09:26 PDT
I believe the text "Because you trust the..." or "Because you don't trust
the...".   should actually change only when the trust of the issuer CA is
changed [eg, by clicking the 'Edit CA' button, and opening trust settings window
for the CA], because this text reflects the default trust of this ssl cert,
which is defined by the trust on its CA.
But, even if we do not trust/know the CA, we can choose to trust this particular
web site cert [or,the other way round]by checking the radio button 'Trust the
authenticity of...'. So next time we open the edit dialog, we still have the
same text 'Because you do not trust..' showing up, but the button 'trust the
authenticity..' is checked, indicating we trust this ssl cert, though its CA is
not trusted.

Still, putting in some text to indicate the 'actual' trust status might make it
easier for users to understand.
Comment 31 Stephane Saux 2001-09-10 09:58:52 PDT
Change the target of bugs with state 'RESOLVED' and target 'Future' to target
'2.1' since they were fixed for the 2.1 release.
Comment 32 Stephane Saux 2001-09-19 10:36:58 PDT
Using win Build ID 20010919-0.9.4, I verified the following:
Use a fresh profile.
Got to
You don't have the CA cert, so you're told so.  Remember the cert permanently.
Go to cert manager, web cert tab, edit the cert
Click on Edit CA trust -> get a dialog that you don't have the CA cert.
close cert manager.
Go to
Click retrieval tab and import CA cert When the trust setting pop up, do not
check anything.
open cert manager, web cert tab.
edit cert.  The message says that you don't trust the CA cert.
go to authorities tab.
Edit the CA and trust it.
go to web cert tab.
edit the cert.
it says you trust the CA.
You can edit the CA trust.

I think it's verified.
Comment 33 John Unruh 2001-09-20 10:33:32 PDT
Verified on 9/19 WinNT branch.

Note You need to log in before you can comment on or make changes to this bug.