Closed Bug 1441223 Opened 7 years ago Closed 7 years ago

Add discrete error code for certificates distrusted by policy action

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Version:
60 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla60
Tracking Flags:
Tracking Status
firefox60 + fixed

People

(Reporter: jcj, Assigned: keeler)

References

Details

Attachments

(1 file)

bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures
(deleted), text/x-review-board-request
jcj
: review+
Details
Similar to our long-lived imminent distrust flag we've added [1], we should add a special error code to be emitted by mozilla::pkix for certificates which were distrusted by policy, which can then point to the wiki [2]. Perhaps something like ERROR_DISTRUSTED_BY_POLICY ? [1] https://searchfox.org/mozilla-central/rev/b469db5c90d618f4b202d5ef280e1a78224eb43b/security/manager/ssl/nsNSSCallbacks.cpp#1452 [2] https://wiki.mozilla.org/CA/Upcoming_Distrust_Actions
(Note: it should be overridable, too)
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
For consistency with other errors, shouldn't this point to a new SUMO article rather than the wiki?
(In reply to Wayne Thayer [:wayne] from comment #3) > For consistency with other errors, shouldn't this point to a new SUMO > article rather than the wiki? That makes sense to me. :keeler, is it OK to include a URL in nsserrors.properties, or is that something we'll need to do in the front-end UX code?
Blocks: 1441959
Comment on attachment 8954482 [details] bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures https://reviewboard.mozilla.org/r/223542/#review230068
Attachment #8954482 - Flags: review?(jjones) → review+
(In reply to J.C. Jones [:jcj] from comment #4) > (In reply to Wayne Thayer [:wayne] from comment #3) > > For consistency with other errors, shouldn't this point to a new SUMO > > article rather than the wiki? > > That makes sense to me. > > :keeler, is it OK to include a URL in nsserrors.properties, or is that > something we'll need to do in the front-end UX code? Yeah just to document this - I think this is best done in the front-end (not in an l10n file).
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/82d469f8c168 add a new (overridable) error code to describe extra policy constraint failures r=jcj
https://hg.mozilla.org/mozilla-central/rev/82d469f8c168
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox60: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Blocks: 1444440
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: