892273 - Add SSL failure errors to the Web Console

Status: NEW

(DevTools :: Console, enhancement, P2)

Description

[Dustin Oprea]

I recently lost a week trying to identify why Firefox was having issues acquiring the update-manifest for our extension, as well as having issues downloading the update.

I tried using a self-signed certificate and then, assuming that there was an issue there, I manufactured CA and IA certificates, added them to Firefox, and then signed my server certificate with the CA certificate. It worked with Chrome, but I couldn't get any progress with Firefox. I've had the console open during all of this, and the only thing it would ever say was that it was checking for an update, as well as echoing what URL it was checking. It never said anything further in either the addons interface, nor the console.

Today, frustrated, I bought a RapidSSL certificate, and suddenly everything worked.

I could've/probably incorrectly registered the CA certificate, but all of this could have been significantly simplified if the SSL-related problems that Firefox was having would been pushed to the developer console.

I'd like to request that there be traps added for some of the standard, common SSL errors.

Comment 1

[Rob Campbell [:rc] (:robcee)]

adding Mark Goodwin to the CC list. We should definitely provide some SSL error reporting to the Console.

thanks for the report!

Comment 2

[Mark Goodwin [:mgoodwin]]

I'll work out what needs doing here. My guess is it'll end up happening as part of the ongoing "log all the security things" work.

Comment 3

[Dustin Oprea]

SSL-type errors are always those that you fear will be painstakingly elusive and poorly logged, no matter what platform you're on. Maybe we could seek forgiveness for troublesome addon debugging by making SSL stuff more transparent than the other platforms.

Comment 4

[Garrett Robinson [:grobinson]]

Added to the metabug for logging security errors/warnings to the developer console (Bug 863874). cc'ing ialagenchev and Kailas, who are working on security messaging (Bug 897240) and improving SSL error reporting (Bug 898712), respectively.

Comment 5

[Ivan Alagenchev :ialagenchev]

What is the relationship between this bug and the ssl messages in bug 898712? Apparently there are some messages already, what other messages are we talking about?

Comment 6

[Mark Goodwin [:mgoodwin]]

(In reply to Ivan Alagenchev :ialagenchev from comment #5)
> What is the relationship between this bug and the ssl messages in bug
> 898712? Apparently there are some messages already, what other messages are
> we talking about?

Kailas' bug deals with adding category information to existing errors.

This is about adding new ones; there are a bunch of things that fail silently leaving users and developers with no clue as to what's failing. There's the case that caused this to be filed (extension update failure for self-signed certs), there are others with STS (e.g. bug 903006) and there are probably a few more.

I was waiting for you to be settled back before pinging you about where I could start with some of this as I thought you'd done a few of these already (perhaps I was mistaken).

Comment 7

[Ivan Alagenchev :ialagenchev]

(In reply to Mark Goodwin [:mgoodwin] from comment #6)
> Kailas' bug deals with adding category information to existing errors.
> I was waiting for you to be settled back before pinging you about where I
> could start with some of this as I thought you'd done a few of these already
> (perhaps I was mistaken).

No, I haven't done any work on these. I was eying this one myself as an interesting bug. Do you have any idea how to go about getting a list of all silent failures?

Comment 8

[Daniel Veditz [:dveditz]]

Unassigning Mark, who hasn't been around for a long time.