Edit button for Web Site certs shows wrong interface



Core Graveyard
Security: UI
17 years ago
11 months ago


(Reporter: Sean Cotter, Assigned: Rangan Sen)


1.0 Branch
Windows NT

Firefox Tracking Flags

(Not tracked)


(Whiteboard: need reporter & engineering feedback)


(5 attachments)



17 years ago
The Edit button for Web Site certs currently opens up the dialog for editing CA 
certs. Instead it should open a dialog box that looks like this:

This certificate:  [hostname from cert]
was issued by: [name of issuer]

[next sentence varies depending on trust for this cert's CA. If the CA is not 
trusted, it reads as follows:]

Because you do not trust the certificate authority that issued this certificate, 
you do not trust the authenticity of this certificate unless otherwise indicated 

[If the CA is trusted, it reads as follows:]

Because you trust the certificate authority that issued this certificate, you 
trust the authenticity of this certificate unless otherwise indicated here. 

Edit certificate trust settings:

[these are radio buttons]

x  Trust the authenticity of this certificate.
x  Do not trust the authenticity of this certificate.

[Edit... button] Edit certificate authority trust settings.

The help target for this dialog is ?edit_web_certs.

The above changes will bring this dialog into line with PSM 1.4. 


- should the window title for this and other cert edit windows be "Edit 
Certificate Settings" as in PSM 1.4? Currently the window title is the name of 
the cert.

- Do we want this dialog to reflect the cert chain graphically, along the lines 
of the new View window?

Comment 1

17 years ago
Changed target to 2.0.
Target Milestone: --- → 2.0


17 years ago
Ever confirmed: true


17 years ago
Depends on: 64128

Comment 2

17 years ago
Darn.  Somehow in my last big checkin, I implemented this but missed some text.
What I have says:

This certificate X was issued by Y.

Edit certificate trust settings

I'm missing the text about whether or not the issuer is trusted.  I will attach
a screenshot.

This is still a bug then.  We need to make a decision whether this is to be
fixed now or not.

Comment 3

17 years ago
Created attachment 35949 [details]
edit web site cert trust interface

Comment 4

17 years ago
(Oh yeah, just a note about that image; that really is a self-signed cert, I'm
not showing the wrong issuer :)

Comment 5

16 years ago
Just to clarify, two things are still missing from this dialog:

- text above the radio buttons that varies according to trust state of cert

- Edit button labeled "Edit certificate authority trust settings"

The idea with the Edit button is that if you want to fix the CA trust settings,
you can do it from here, immediately, rather than navigating to the Authorities
panel. This button was present in PSM 1.x.

Also, the window title in the latest build is "Edit certificate trust". It's a
nit, but I would prefer "Edit certificate trust settings".

Comment 6

16 years ago
Priority: -- → P2

Comment 7

16 years ago

Is this almost done or is it a lot more work?

Comment 8

16 years ago
Mass reassigning target to 2.1
Target Milestone: 2.0 → 2.1


16 years ago
Keywords: nsenterprise

Comment 9

16 years ago
Assignee: mcgreer → rangansen


16 years ago
Target Milestone: 2.1 → Future

Comment 10

16 years ago
removing nsenterprise keyword from PSM bugs with target milestone of future.
Keywords: nsenterprise

Comment 11

16 years ago
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer

Comment 12

16 years ago
Created attachment 44624 [details] [diff] [review]

Comment 13

16 years ago
Adding the window sizing and typo fixes as well - This patch fixes this bug, as
well as bug# 82887

Comment 14

16 years ago
Created attachment 44944 [details] [diff] [review]

Comment 15

16 years ago
A few comments:

1) On the following line: 
<script src="chrome://global/content/strres.js" />

add 'type="application/x-javascript"' inside the script tag.

2) Why is this block commented out?  Should it even be included?

+  if(cacert == null)
+  {
+     var editButton = document.getElementById('editca-button');
+  }
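
Review bot: in the `if(cacert == null)` branch, `editButton` is fetched with `getElementById('editca-button')` and then never used, so the block as quoted has no effect. Either drop the block or have it act on the button (for example disable it) when `cacert` is null.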

Fix 1, and you'll have r=javi


16 years ago

Comment 16

16 years ago
Created attachment 45142 [details] [diff] [review]
new patch

Comment 17

16 years ago
Done...Removed the commented part too. It was originally intended to hide the
'edit root ca' button if root ca was unknown - I forgot to remove that later.


16 years ago
Keywords: patch, review

Comment 18

16 years ago
My only comment is that the id "explanations" is misspelled as "explainations"

Other than that, sr=hewitt

Comment 19

16 years ago
Patch checked in.
I would also like to point out that the window, being persistent, remembers the
older value, and might show sizing issues first time, depending on the profile
used [bug# 94755]. This might be resized, though.
Last Resolved: 16 years ago
Resolution: --- → FIXED

Comment 20

16 years ago

1) The correct interface is being shown after clicking the [Edit] button for Web
Site cert(s) - the basic bug is fixed

2) The title of the Edit dialogue is still "Edit certificate trust" and not
"Edit certificate trust settings"

3) I need some assistance with getting a cert from a 'trusted authority'. I can
see the text in the "Edit certificate trust" dialogue which starts out with
"Because you do not trust the certificate authority...", but I need to check out
a trusted certificate authority to verify the text changes.

Any suggestions?  Do we have an internal site which will do this?  Or perhaps the USPS?

Sean, are you happy with the text title in #2 above?  If not, we can hold this
bug open, or open a new bug.  Let me know.
Whiteboard: need reporter & engineering feedback

Comment 21

16 years ago
Regarding #3, one way to do that might be - go to https://www.hotmail.com - a
dialog for domain name mismatch would come up, and check on 'remember this cert
permanently'. CA for this cert is RSA, and that would be included in the list of
CA's available when Netscape6 is installed.

Comment 22

16 years ago
To check the case where the web site cert is from a trusted authority, just
click "Edit CA trust" and select all three boxes. Next time you open the same
web site cert, you'll see the text for the trusted CA case.

I'm not so concerned about "settings" in the title name per se, but there are
two other issues that do concern me:

- "Edit trust settings" is the title for both this dialog (editing web site cert
trust settings) and the equivalent dialog for editing CA trust settings. I would
prefer to see these dialogs distinguished more clearly: "Edit web site
certificate trust settings" for this case and "Edit CA certificate trust
settings" for the other.

- The dialog opens to a huge size, with a bunch of white space above and below
the radio buttons. Surely this isn't necessary. The dialog can be resized by
hand to more reasonable dimensions without losing anything.

Both of these are relatively minor complaints that probably are less important
than other UI changes in progress. It's up to you whether to close this bug or
keep it open for a future release.

Comment 23

16 years ago
The window sizing trouble [that the window is too long] is probably an effect of
persistence and would vanish once a new profile is used [for now]. This issue
for editcert as well as deletecert windows is being addressed in bug# 95441. 

Comment 24

16 years ago
Created attachment 45940 [details] [diff] [review]
patch to fix the title problem ... sorry I missed that

Comment 25

16 years ago

Comment 26

16 years ago

Comment 27

16 years ago
I'll verify this with tomorrow morning's builds...

Comment 28

16 years ago
Patch Checked in. 
This would fix the window title problem. To get a properly sized window, it would
still be needed to use a fresh profile [for now, till we check in the patch to bug#
95411]. Also, the 'Edit Web Site Cert' window still has an awkward layout [bug#
82887] - I do not have a fix for that yet....

Comment 29

16 years ago
Okay, I noticed something else odd today...

Changing the state of the radio buttons seems to have no effect on the text
above it which starts either as "Because you trust the..." or "Because you don't
trust the...".  When the text indicates trust, changing the radio button to
'trust' and selecting the [OK] button will not change the state of the text when
you open the edit window back up again.

What *does* seem to make a difference (whether you change the radio button or
not) is when you change the state of the checkboxes in the "Edit Certificate
trust" window (turn them all off or one/all on).  When all checkboxes are
unchecked, the text changes to "don't trust" & when one or more checkboxes are
checked, the text will change to "trust"

Comment 30

16 years ago
I believe the text "Because you trust the..." or "Because you don't trust
the..." should actually change only when the trust of the issuer CA is
changed [e.g., by clicking the 'Edit CA' button, and opening the trust settings window
for the CA], because this text reflects the default trust of this ssl cert,
which is defined by the trust on its CA.
But, even if we do not trust/know the CA, we can choose to trust this particular
web site cert [or, the other way round] by checking the radio button 'Trust the
authenticity of...'. So next time we open the edit dialog, we still have the
same text 'Because you do not trust..' showing up, but the button 'trust the
authenticity..' is checked, indicating we trust this ssl cert, though its CA is
not trusted.

Still, putting in some text to indicate the 'actual' trust status might make it
easier for users to understand.

Comment 31

16 years ago
Change the target of bugs with state 'RESOLVED' and target 'Future' to target
'2.1' since they were fixed for the 2.1 release.
Target Milestone: Future → 2.1

Comment 32

16 years ago
Using win Build ID 20010919-0.9.4, I verified the following:
Use a fresh profile.
Go to https://beaver.mcom.com
You don't have the CA cert, so you're told so.  Remember the cert permanently.
Go to cert manager, web cert tab, edit the cert
Click on Edit CA trust -> get a dialog that you don't have the CA cert.
close cert manager.
Go to http://juggler.mcom.com
Click retrieval tab and import CA cert. When the trust settings pop up, do not
check anything.
open cert manager, web cert tab.
edit cert.  The message says that you don't trust the CA cert.
go to authorities tab.
Edit the CA and trust it.
go to web cert tab.
edit the cert.
it says you trust the CA.
You can edit the CA trust.

I think it's verified.

Comment 33

16 years ago
Verified on 9/19 WinNT branch.


13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core


9 years ago
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard