Closed Bug 971466 Opened 12 years ago Closed 12 years ago

Marketplace shows an untrusted connection page if the system time is incorrect (SSL issue)

Categories

(Firefox OS Graveyard :: Gaia, defect)

Product:
Firefox OS Graveyard
Component:
Gaia
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: llin, Unassigned)

Details

The Marketplace shows the erro page of SSL issuer expiration if the system time is not set/synchronized to the current time. But, for general use, the error page is hard to read and confuses the user with title "This Connection is Untrusted". It is recommanded to replace the sort of build-in browser error pages to guide the user to solve issues.
This is expected. SSL certificates are only granted within a certain time range. If you step outside of the range, then a SSL expiration error is fired. We can certainly improve the UX here, but that's outside the scope of this bug. Given that we are doing the right behavior here, I'm going to close this as invalid.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
THIS IS NOT AN INVALID BUG. PLEASE DO NOT CLOSE A CASE WITHOUT TAKING FURTHER ACTIONS. In the case, only improving UX is not enough. The case is definitely opened for Gaia and UX improvements. Marketplace is a webapp and the error is thrown by the browser. The behavior may be expected happening under genral browser environments. But, in this case, the user may not know Marketplace is a webapp. Do not expect everyone can realize that they are under a browser platform or the meaning of "untrusted connection". No matter what the point of view from engineers, insuffient guidance for users to solve the issue is not qualified. Also, the "Visit site" and "Add permanent exception" buttons does not work. It means, unless setting correct time to the sytem, the user have no chance to solve the case. At least, we need to tell the user how to fix the issue.
Status: RESOLVED → REOPENED
Flags: needinfo?(mtsai)
Resolution: INVALID → ---
(In reply to Lawrence Lin from comment #2) > > Marketplace is a webapp and the error is thrown by the browser. The behavior > may be expected happening under genral browser environments. But, in this > case, the user may not know Marketplace is a webapp. Do not expect everyone > can realize that they are under a browser platform or the meaning of > "untrusted connection". No matter what the point of view from engineers, > insuffient guidance for users to solve the issue is not qualified. The user is fully aware marketplace is a web app. Our entire ecosystem is built around this model with the apps preinstalled on the device. This is evangelized all over the place in our marketing for Firefox OS. I can agree that the SSL error page could be more app friendly, as the error is indeed represented via a browser context. We were short on time when we originally implemented this, so the existing implementation was basically a carbon copy of FxAndroid's UI design. We could consider fixing this up as a feature request for the Systems FE team, as they own app error handling. > > Also, the "Visit site" and "Add permanent exception" buttons does not work. > It means, unless setting correct time to the sytem, the user have no chance > to solve the case. At least, we need to tell the user how to fix the issue. That's what bug 885864 intends to solve. This problem isn't specific to the certificate error handling UX - it happens across the entire phone in many different places. We have to be clear to the user on the danger of introducing large time gaps, as many things stop working when the phone's time is significantly different than the actual time in the current timezone due to how SSL certificate handling works. So I'm unsure what you are intending to track here right now. The original bug title as filed here is actually correct behavior because SSL certificate errors fire when you outside the range of when the SSL certificate was granted for a HTTPS domain. The second issue is something we should track, but I'm thinking it might be a bit more clear to open a new user story bug. I can be sure to add that to the Systems FE feature backlog. The third issue is captured by bug 885864. What do you want to do here?
Flags: needinfo?(llin)
I'd prefer if we do the following for the record: 1. We close this bug out - as we should generally avoid having multiple issues filed in a single bug 2. We open a new bug tracking the user story to implement app friendly cert error handling 3. We use bug 885864 to handle the third issue cited Does that sound okay?
Flags: needinfo?(mtsai)
Haven't heard a response yet, so I went forward with what I've stated in comment 4. I've opened bug 978269 to track the work to fix the cert error handling UX to be more app friendly.
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Flags: needinfo?(llin)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.