Closed
Bug 787874
Opened 12 years ago
Closed 5 years ago
Warn or work around addon update check issues when security software messes with SSL certs
Categories
(Toolkit :: Add-ons Manager, defect)
Toolkit
Add-ons Manager
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: Unfocused, Unassigned)
References
Details
Some security software inspects SSL traffic - they do this by installing their own certificate and acting as an intercepting proxy (basically, a legitimate MiTM). eg, ESET was doing this and causing bug 785893.
This is a little worrying because it trips our certificate checks for addon update checks (including hotfix updates), causing addon updates to fail - which will include security fixes.
I'm wondering if we can detect the (legitimate) common cases of this, and warn the user. Or just accept the certificate, assuming we are *sure* its ok to do so.
Comment 1•12 years ago
|
||
Currently app update checks are even more strict and will get blocked in the same way by this. The security team want this for add-on update checks too (bug 643461) and we already have it implemented for the hotfix add-on.
I'm not sure that working around it is a good idea, but warning seems reasonable. I imagine if you're getting the same CA for multiple websites then that is a bad sign, perhaps.
Comment 2•12 years ago
|
||
see also bug 774395
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•