Unknown CA alert is horked

VERIFIED FIXED in psm2.1

Status

P2
major
VERIFIED FIXED
18 years ago
2 years ago

People

(Reporter: mpt, Assigned: hwaara)

Tracking

({regression})

1.0 Branch
psm2.1
regression

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: approved for 0.9.3 [ckritzer], URL)

Attachments

(8 attachments, 1 obsolete attachment)

(Reporter)

Description

18 years ago
Build: 2001071804, Mac OS 9.1

To reproduce:
1.  Go to an URL which uses a secure certificate for which Mozilla does not
    recognize the CA.

What you see:
+-----------------------------------------------------+
|::::::::::::: Security Error: Unknown CA ::::::::::::|
+-----------------------------------------------------+
| "monitor.inter-touch.net" is a web site that uses a |
| security certificate to identify itself. However,   |
| Mozilla does not recognize the Certificate          |
| Authority that issued this certificate.             |
|                                                     |
| Although the Certificate Authority is unrecognized, |
| you can choose to explicitly accept the certificate |
| used by this web site.                              |
|                                                     |
| Before accepting this certificate, you should       |
| examine this site's certificate carefully.          |
|                                                     |
| Are you willing to accept this certificate for the  |
| purpose of identifying the web site                 |
| "monitor.inter-touch.net"?                          |
|                                                     |
| ( ) Accept this certificate permanently             |
| (*) Accept this certificate temporarily for this    |
|     session                                         |
| ( ) Do not accept this certificate and do not       |
|     connect to this web site                        |
| ( View Certificate )                                |
|                                                     |
| (   OK   ) ( Cancel ) (  Help  )                    |
|                                                     |
|                                                     |
|                                                     |
|                                                     |
|                                                     |
+-----------------------------------------------------+

What was expected:
*   An alert which looks like an alert, i.e. one which uses the /!\ icon and
    does not have a title.
*   Text short enough for people to bother reading, instead of coming to the
    counter and asking me for help.
*   Buttons, not radio buttons, used for commands.
*   `OK' and `Cancel' buttons in the correct order and in the right corner of
    the alert.
*   Only 12 pixels space between the bottom of the `Cancel' button and the
    bottom of the alert, not 40 pixels (see also bug 85809).

What you should see:

+-----------------------------------------------------+
|:::::::::::::::::::::::::::::::::::::::::::::::::::::|
+-----------------------------------------------------+
|   .   There is a problem with the security          |
|  /!\  certificate for "monitor.inter-touch.net".    |
|  """  Do you want to continue?                      |
|                                                     |
|       (X) The certificate was issued by a           |
|           Certificate Authority which Mozilla does  |
|           not recognize.                            |
|                                                     |
|                               ( View _Certificate ) |
|                                                     |
|       [ ] Remember this decision for _all           |
|           certificates from www.inter-touch.net     |
|                                                     |
| [?]                       ( Cancel ) (( Continue )) |
+-----------------------------------------------------+

Comment 1

18 years ago
personally i'd like a 
[ ] Remember this decision for all certificates with this _problem
(Reporter)

Comment 2

18 years ago
If that checkbox was a good idea, we shouldn't be putting up this alert at all 
in the first place.
(Assignee)

Comment 3

18 years ago
Note to bug owner: I am trying to fix this...
In which case, you can have it :-) If you stop working on it, assign it back to 
me.

Gerv
Assignee: gervase.markham → hwaara
(Assignee)

Comment 5

18 years ago
Here is the new spec I and mpt came up with during an IRC session (some
tradeoffs made, but overall, it's as good as the previous one IMHO):

+-----------------------------------------------------+
|:::::::::::::::::::::::::::::::::::::::::::::::::::::|
+-----------------------------------------------------+
|   .   There is a problem with the security          |
|  /!\  certificate for "monitor.inter-touch.net".    |
|  """  Do you want to continue?                      |
|                                                     |
|       The certificate was issued by a               |
|       Certificate Authority which Mozilla does      |
|       not recognize.                                |
|                                                     |
|                               ( View _Certificate ) |
|                                                     |
|       [ ] Always accept this certificate            |
|                                                     |
| ( Help )                  ( Cancel ) (( Continue )) |
+-----------------------------------------------------+

I'm working hard on implementing every detail. It'll look gorgeous once it's
finished!

Updated

18 years ago
Priority: -- → P2
Target Milestone: --- → 2.1
Version: unspecified → 2.0
(Assignee)

Comment 6

18 years ago
Ok, here goes...
Status: NEW → ASSIGNED
(Assignee)

Comment 7

18 years ago
Created attachment 43330 [details] [diff] [review]
Before (screenshot)
(Assignee)

Comment 8

18 years ago
Created attachment 43331 [details]
Before (Erh, attach as GIF this time)
(Assignee)

Comment 9

18 years ago
Created attachment 43332 [details]
After (screenshot)
(Assignee)

Comment 10

18 years ago
Created attachment 43333 [details] [diff] [review]
Patch for the goodness.

Comment 11

18 years ago
I don't like 'always accept this certificate'
(Reporter)

Comment 12

18 years ago
Nor do I, now I think about it some more. (As opposed to ... Remember this 
certificate 50 % of the time?)


Try:

[ ] Remember this certificate permanently

The Cancel/Continue button order is wrong on Windows, that probably needs to be 
fixed before this can be checked in.
(Assignee)

Comment 13

18 years ago
Created attachment 43369 [details]
New screenshot
(Assignee)

Comment 14

18 years ago
Created attachment 43370 [details] [diff] [review]
Patch for the screenshot, which incorporates all of mpt's comments
(Assignee)

Comment 15

18 years ago
Got mpt's UI approval: <mpt> hwaara: That's gorgeous!

And now I need r= and sr=. I want this in for 0.9.3 btw.
(Assignee)

Comment 16

18 years ago
Created attachment 43459 [details] [diff] [review]
Better patch. Last patch was horked due to unknown forces.

Comment 17

18 years ago
sr=hewitt once hwaara makes one change I suggested to him via AIM

Comment 18

18 years ago
I'd like to reword the text at the top of the warning as follows:

----
There is a problem with the certificate that identifies "[cert subject name]".
Do you want to continue?

The certificate was issued by a certificate authority that [name of browser]
does not recognize.
----

Reasoning:

- Mostly the rest of the UI uses just "certificate" rather than "security
certificates," which is a leftover from 4.x. 

- It may help to indicate that the certificate in question identifies the web
site (as opposed to--possibly--a client cert that identifies the user to the web
site). 

- "certificate authority" is lowercase most places, I think.

Help will need changes to match the new design. But it should be shorter as a
result, and hopefully fewer people will feel like they need it.

I can give r=cotter on the revised text (as shown above, assuming nobody else
has any objections), but don't trust me on the code.
(Assignee)

Comment 19

18 years ago
Created attachment 43523 [details] [diff] [review]
Final patch. Hewitt's and Sean's comments incorporated.
(Assignee)

Comment 20

18 years ago
javi promised to do a final review and checkin.

thanks!

Comment 21

18 years ago
It seems that your patch doesn't set the key-bindings for return and ESC.  Why
aren't those set anymore? 
(Assignee)

Comment 22

18 years ago
Created attachment 43533 [details] [diff] [review]
fixed keys to work too.

Comment 23

18 years ago
r=javi

Will check in once tree opens.
a=dbaron on behalf of drivers for trunk checkin during 0.9.3 closure
Whiteboard: approved for 0.9.3

Comment 25

18 years ago
Patch checked in.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 26

18 years ago
Verified fixed.
Status: RESOLVED → VERIFIED

Comment 27

18 years ago
There are two problems with this patch:

1) I am not sure whether it was this patch, or something else, but accepting
unknown certificates stopped working at all for me - both "Continue" and
"Cancel" buttons in the new dialog behave exactly the same for me - Mozilla is
not going to the site I want it to go. I tried it on several sites and it is
100% always reproducible, no matter whether I select "remember" or not.

2) Help button brings help window that explains the *old* dialog.
I am using Build ID 2001072923 from mozilla.org RH7 RPMs on RH 7.1
Status: VERIFIED → REOPENED
OS: Mac System 9.x → All
Hardware: Macintosh → All
Resolution: FIXED → ---

Comment 28

18 years ago
works for me on Linux commercial build 2001080106.
Status: REOPENED → RESOLVED
Last Resolved: 18 years ago18 years ago
Resolution: --- → WORKSFORME

Comment 29

18 years ago
There is something very weird going on, because this is horked for me on my
daily build on Linux.  :(

Comment 30

18 years ago
I also see the same problem with "continue" not doing anything on another RedHat
7.1 machine running Build ID 2001072711 (from mozilla.org RPMs).

Also, I assume that WFM was about problem 1, what about problem 2 (outdated help
files)?

P.S. The last time I saw a problem with something working in commercial builds,
but not in RedHat 7 RPMs was when some variable was used uninitialized (I guess
the commercial build compilers initiazes them anyway). Can this be the case here?
Status: RESOLVED → REOPENED
Keywords: regression
Resolution: WORKSFORME → ---

Comment 31

18 years ago
Severity => major since currently it's impossible to access sites with unknows
CA on affected platforms.
Severity: normal → major
Keywords: regression

Comment 32

18 years ago
*** Bug 93045 has been marked as a duplicate of this bug. ***

Updated

18 years ago
Keywords: regression
(Assignee)

Comment 33

18 years ago
log a new bug please.  i'll fix it when i'm back from my vacation.
(Assignee)

Comment 34

18 years ago
at least the ui's not horked any longer. ;)

fixed.
Status: REOPENED → RESOLVED
Last Resolved: 18 years ago18 years ago
Resolution: --- → FIXED

Comment 35

18 years ago
I have reported the problem of an outdated help file - bug 94104

I can no longer repproduce the problem of "continue" not working on BuildId
2001080600. If somebody still can, please log a new bug on that and add a note
to this bug.

Comment 36

18 years ago
*** Bug 94401 has been marked as a duplicate of this bug. ***
(Assignee)

Updated

18 years ago
Blocks: 94905
(Assignee)

Updated

18 years ago
No longer blocks: 94905
(Assignee)

Updated

18 years ago
Depends on: 94905

Comment 37

18 years ago
Marking VERIFIED FIXED on:
Win2k  2001-08-10-10-trunk Commercial
MacOSX 2001-08-10-05-trunk Commercial
Status: RESOLVED → VERIFIED
Whiteboard: approved for 0.9.3 → approved for 0.9.3 [ckritzer]

Comment 38

18 years ago
*** Bug 97871 has been marked as a duplicate of this bug. ***

Comment 39

17 years ago
Verified on
build: 2001-09-13-0.9.4
platform: Win NT

When attempting to load the site where CA is not recognized, the warning dialog
does show up correctly.

Comment 40

15 years ago
Comment on attachment 43330 [details] [diff] [review]
Before (screenshot)

Since the mime type is wrong and a new attachment has been posted, this
attachment is obsolete.
Attachment #43330 - Attachment is obsolete: true

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

11 years ago
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.