Closed Bug 91466 Opened 23 years ago Closed 23 years ago

Unknown CA alert is horked

Categories

(Core Graveyard :: Security: UI, defect, P2)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.1

People

(Reporter: mpt, Assigned: hwaara)

References

(
URL
)

Details

(Keywords: regression, Whiteboard: approved for 0.9.3 [ckritzer])

Attachments

(8 files, 1 obsolete file)

Before (Erh, attach as GIF this time)
7.76 KB, image/gif
Details
After (screenshot)
4.95 KB, image/gif
Details
Patch for the goodness.
7.90 KB, patch
Details | Diff | Splinter Review
New screenshot
4.89 KB, image/gif
Details
Patch for the screenshot, which incorporates all of mpt's comments
8.08 KB, patch
Details | Diff | Splinter Review
Better patch. Last patch was horked due to unknown forces.
7.99 KB, patch
Details | Diff | Splinter Review
Final patch. Hewitt's and Sean's comments incorporated.
7.98 KB, patch
Details | Diff | Splinter Review
fixed keys to work too.
8.01 KB, patch
Details | Diff | Splinter Review
Build: 2001071804, Mac OS 9.1 To reproduce: 1. Go to an URL which uses a secure certificate for which Mozilla does not recognize the CA. What you see: +-----------------------------------------------------+ |::::::::::::: Security Error: Unknown CA ::::::::::::| +-----------------------------------------------------+ | "monitor.inter-touch.net" is a web site that uses a | | security certificate to identify itself. However, | | Mozilla does not recognize the Certificate | | Authority that issued this certificate. | | | | Although the Certificate Authority is unrecognized, | | you can choose to explicitly accept the certificate | | used by this web site. | | | | Before accepting this certificate, you should | | examine this site's certificate carefully. | | | | Are you willing to accept this certificate for the | | purpose of identifying the web site | | "monitor.inter-touch.net"? | | | | ( ) Accept this certificate permanently | | (*) Accept this certificate temporarily for this | | session | | ( ) Do not accept this certificate and do not | | connect to this web site | | ( View Certificate ) | | | | ( OK ) ( Cancel ) ( Help ) | | | | | | | | | | | +-----------------------------------------------------+ What was expected: * An alert which looks like an alert, i.e. one which uses the /!\ icon and does not have a title. * Text short enough for people to bother reading, instead of coming to the counter and asking me for help. * Buttons, not radio buttons, used for commands. * `OK' and `Cancel' buttons in the correct order and in the right corner of the alert. * Only 12 pixels space between the bottom of the `Cancel' button and the bottom of the alert, not 40 pixels (see also bug 85809). What you should see: +-----------------------------------------------------+ |:::::::::::::::::::::::::::::::::::::::::::::::::::::| +-----------------------------------------------------+ | . There is a problem with the security | | /!\ certificate for "monitor.inter-touch.net". | | """ Do you want to continue? | | | | (X) The certificate was issued by a | | Certificate Authority which Mozilla does | | not recognize. | | | | ( View _Certificate ) | | | | [ ] Remember this decision for _all | | certificates from www.inter-touch.net | | | | [?] ( Cancel ) (( Continue )) | +-----------------------------------------------------+
personally i'd like a [ ] Remember this decision for all certificates with this _problem
If that checkbox was a good idea, we shouldn't be putting up this alert at all in the first place.
Note to bug owner: I am trying to fix this...
In which case, you can have it :-) If you stop working on it, assign it back to me. Gerv
Assignee: gervase.markham → hwaara
Here is the new spec I and mpt came up with during an IRC session (some tradeoffs made, but overall, it's as good as the previous one IMHO): +-----------------------------------------------------+ |:::::::::::::::::::::::::::::::::::::::::::::::::::::| +-----------------------------------------------------+ | . There is a problem with the security | | /!\ certificate for "monitor.inter-touch.net". | | """ Do you want to continue? | | | | The certificate was issued by a | | Certificate Authority which Mozilla does | | not recognize. | | | | ( View _Certificate ) | | | | [ ] Always accept this certificate | | | | ( Help ) ( Cancel ) (( Continue )) | +-----------------------------------------------------+ I'm working hard on implementing every detail. It'll look gorgeous once it's finished!
Priority: -- → P2
Target Milestone: --- → 2.1
Version: unspecified → 2.0
Ok, here goes...
Status: NEW → ASSIGNED
Attached patch Before (screenshot) (obsolete) — Splinter Review
Attached image After (screenshot)
I don't like 'always accept this certificate'
Nor do I, now I think about it some more. (As opposed to ... Remember this certificate 50 % of the time?) Try: [ ] Remember this certificate permanently The Cancel/Continue button order is wrong on Windows, that probably needs to be fixed before this can be checked in.
Attached image New screenshot
Got mpt's UI approval: <mpt> hwaara: That's gorgeous! And now I need r= and sr=. I want this in for 0.9.3 btw.
sr=hewitt once hwaara makes one change I suggested to him via AIM
I'd like to reword the text at the top of the warning as follows: ---- There is a problem with the certificate that identifies "[cert subject name]". Do you want to continue? The certificate was issued by a certificate authority that [name of browser] does not recognize. ---- Reasoning: - Mostly the rest of the UI uses just "certificate" rather than "security certificates," which is a leftover from 4.x. - It may help to indicate that the certificate in question identifies the web site (as opposed to--possibly--a client cert that identifies the user to the web site). - "certificate authority" is lowercase most places, I think. Help will need changes to match the new design. But it should be shorter as a result, and hopefully fewer people will feel like they need it. I can give r=cotter on the revised text (as shown above, assuming nobody else has any objections), but don't trust me on the code.
javi promised to do a final review and checkin. thanks!
It seems that your patch doesn't set the key-bindings for return and ESC. Why aren't those set anymore?
r=javi Will check in once tree opens.
a=dbaron on behalf of drivers for trunk checkin during 0.9.3 closure
Whiteboard: approved for 0.9.3
Patch checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
There are two problems with this patch: 1) I am not sure whether it was this patch, or something else, but accepting unknown certificates stopped working at all for me - both "Continue" and "Cancel" buttons in the new dialog behave exactly the same for me - Mozilla is not going to the site I want it to go. I tried it on several sites and it is 100% always reproducible, no matter whether I select "remember" or not. 2) Help button brings help window that explains the *old* dialog. I am using Build ID 2001072923 from mozilla.org RH7 RPMs on RH 7.1
Status: VERIFIED → REOPENED
OS: Mac System 9.x → All
Hardware: Macintosh → All
Resolution: FIXED → ---
works for me on Linux commercial build 2001080106.
Status: REOPENED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → WORKSFORME
There is something very weird going on, because this is horked for me on my daily build on Linux. :(
I also see the same problem with "continue" not doing anything on another RedHat 7.1 machine running Build ID 2001072711 (from mozilla.org RPMs). Also, I assume that WFM was about problem 1, what about problem 2 (outdated help files)? P.S. The last time I saw a problem with something working in commercial builds, but not in RedHat 7 RPMs was when some variable was used uninitialized (I guess the commercial build compilers initiazes them anyway). Can this be the case here?
Status: RESOLVED → REOPENED
Keywords: regression
Resolution: WORKSFORME → ---
Severity => major since currently it's impossible to access sites with unknows CA on affected platforms.
Severity: normal → major
Keywords: regression
*** Bug 93045 has been marked as a duplicate of this bug. ***
Keywords: regression
log a new bug please. i'll fix it when i'm back from my vacation.
at least the ui's not horked any longer. ;) fixed.
Status: REOPENED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED
I have reported the problem of an outdated help file - bug 94104 I can no longer repproduce the problem of "continue" not working on BuildId 2001080600. If somebody still can, please log a new bug on that and add a note to this bug.
*** Bug 94401 has been marked as a duplicate of this bug. ***
Blocks: 94905
No longer blocks: 94905
Depends on: 94905
Marking VERIFIED FIXED on: Win2k 2001-08-10-10-trunk Commercial MacOSX 2001-08-10-05-trunk Commercial
Status: RESOLVED → VERIFIED
Whiteboard: approved for 0.9.3 → approved for 0.9.3 [ckritzer]
*** Bug 97871 has been marked as a duplicate of this bug. ***
Verified on build: 2001-09-13-0.9.4 platform: Win NT When attempting to load the site where CA is not recognized, the warning dialog does show up correctly.
Comment on attachment 43330 [details] [diff] [review] Before (screenshot) Since the mime type is wrong and a new attachment has been posted, this attachment is obsolete.
Attachment #43330 - Attachment is obsolete: true
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: