Closed Bug 1014414 Opened 10 years ago Closed 10 years ago

Be more verbose as to why the user can't override a "connection is untrusted" dialog.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 800882

People

(Reporter: glandium, Unassigned)

References

Details

Attachments

(1 file)

Screenshot
(deleted), image/png
Details 
+++ This bug was initially created as a clone of Bug #1014387 +++

See bug 1014387 as to how this started.

Considering this is all the result of a combination of how the server is badly configured, and what HSTS tells us, I'm fine-ish with the outcome.

But the "Technical details" could at the very least say why there's no way out, being that the domain requests strict transport security, and where that comes from (the server requesting it or our own preload list)
If we're talking about the same security exception dialog as the one in bug 659736, then as far as I followed the code (not too closely in these areas) and noticed myself at the actual dialog, it always shows the button and always shows the reason, and differently according to one of the following flags:

WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED
WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN
WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME
Attached image Screenshot (deleted) — 
(In reply to Avi Halachmi (:avih) from comment #1)
> If we're talking about the same security exception dialog as the one in bug
> 659736, then as far as I followed the code (not too closely in these areas)
> and noticed myself at the actual dialog, it always shows the button and
> always shows the reason, (...)

Cf. screenshot, the reason is obscure and doesn't say anything about HSTS, and the button is not there.
Also, it's not possible to see the certificate and what part of the chain is missing...
(In reply to Mike Hommey [:glandium] from comment #2)
> Screenshot

Ah, I _think_ that's not considered the exception dialog but rather the exception page/notice, which should hopefully allow you to launch the dialog to view more details, add/confirm an exception for it etc.

While I believe it should use the same kind of flags, I never looked at the code which displays this page.

Also, it does give a reason, at least for the error.

So this bug could be one or several issues:
- incorrect reason
- not high resolution enough reason
- missing reason for not allowing to launch the exception dialog
- not being able to launch the exception dialog
While bug 659736 is about the dialog itself after it's launched, which has the "confirm" etc buttons disabled, and some related side effect bug where it does show the button and you can confirm the exception, yet you end up again at this error notice/page (from which you could launch the dialog and goto 10).
Thanks for filing this, Mike. My understanding is bug 800882 aims to do the same thing (unless you're intending that this be for more than just HSTS).
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: