Closed Bug 1538041 Opened 6 years ago Closed 6 years ago

page info window ambiguous and broken when no cert provided on https

Categories

(Firefox :: Page Info Window, defect)

Product:
Firefox
Component:
Page Info Window
Version:
66 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1501955

People

(Reporter: firefox, Unassigned)

Details

Attachments

(1 file)

firefox-cert-error.png
(deleted), image/png
Details
Attached image firefox-cert-error.png (deleted) —

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

  1. Go to a web page over https which offers no certificate
  2. You get to "Warning: Potential Security Risk Ahead"
  3. Click on the (i) button to the left of the URL
  4. Connection > More information
  5. In this "Page Info" popup, Click on "View Certificate
  6. In the "Page Info" popup, Click on "General", and then "Media"

Actual results:

After step 4:
Under "website identity", it lists

Website:
Owner:
Verified by:
Expires on:

All those fields are blank. This is only moderately helpful. Does this mean the site offered no certificate? Or a syntactically invalid certificate which Firefox failed to parse?
Or is this just a rendering bug? Or is Firefox choosing to not display the info because it doesn't trust the cert?

At step 5: Nothing happens. The "View Certificate" button looks enabled, but nothing happens when you click it

After Step 6: It is now impossible to get back to the original page with the "View Certificate" and "Website Identity" elements.

Expected results:

After step 4:

If the website offered no certificate, the "Website Identity" should say "No certificate provided", or something clear like that.

If the website offered a syntactically invalid certificate, the "Website Identity" section should say "Corrupted certificate", or something like that.

If the website offered a syntactically correct certificate which is not trusted, then "Website" and "Owner" should have values, and "Verified by" should be set to "not verified", and the reason for lack of trust should be stated (e.g. "Self signed" or "unknown CA")

Basically, the fields in "Website Identity" should never be blank. If the values of those fields are not known, those fields should be removed and replaced with a clear message.

At step 5:
If any syntactically valid certificate was provided, clicking "View Certificate" should show it.
If no certificate was provided, the "View Certificate" button should be rendered as a disabled button.

After step 6:
It should be possible to return to the initial page. In addition to "General" and "Media", there should be a third tab called "Identity" or "Security" or "Certificate"

Component: Untriaged → Page Info Window

This should be fixed by bug 1501955, which is in Beta right now.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: