Closed
Bug 92475
Opened 23 years ago
Closed 22 years ago
Need error msg for expired CRLs. Was: Can't check account status at Amazon
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
Future
People
(Reporter: lord, Assigned: ddrinan0264)
Details
Attachments
(5 files)
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review |
While trying to view my account status at Amazon, I am unable to login.
To reproduce:
-Go to http://www.amazon.com/
-Click on Your Account (top right)
-Click on the GO! next to "my recent orders and transactions"
-Enter email address and password
-Click "Sign in using our secure server"
Expected results:
You'd be logged in.
Observed results:
Nothing happens.
Others are having a hard time reproducing this, but I can only get to some SSL
sites, even with a new profile.
Marking Blocker. We need to get this cleared up before we branch for 0.9.3.
junruh: please see if you can reproduce this problem on Win2k. You'll need to
visit a lot of external HTTPS sites to find one that triggers this problem.
Severity: normal → blocker
Assignee | ||
Comment 3•23 years ago
|
||
This is caused by an expired CRL. We should be putting up an error message in
this case. The workaround for the moment is to remove the CRL from the profile.
I'm removing this as a blocker.
Severity: blocker → critical
Comment 4•23 years ago
|
||
Update Summary to reflect actual problem.
Summary: Can't check account status at Amazon → Need error msg for expired CRLs. Was: Can't check account status at Amazon
Assignee | ||
Comment 6•23 years ago
|
||
Comment 7•23 years ago
|
||
A couple of notes:
1) These should all have absolute paths after for src (like help.js) and should
all say type="application/x-javascript" as well.
+<script src="chrome://global/content/strres.js" />
+<script src="pippki.js" />
+<script src="serverCrlExpired.js" />
+<script type="application/x-javascript" src="chrome://help/content/help.js" />
2) According to Bug 88328, we shouldn't have 'width' or orient set on any
buttons. The theme should decide how bug our buttons are.
Fix these 2 issues, and r=javi
Assignee | ||
Comment 8•23 years ago
|
||
Comment 9•23 years ago
|
||
sr=blizzard
Assignee | ||
Comment 10•23 years ago
|
||
Fixed checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 11•23 years ago
|
||
On Wink2 2001-08-10-10-trunk build:
Following Lord's steps, I at least got an dialog saying "Connection refused"
(or something close to it) the *first* time I tried to connect. Subsequent re-
submissions (clicking the submit button again and again and again) gave me no
dialogs, and only a watch cursor for a few seconds.
I tried this on MacOSX 2001-08-10-05-trunk build, and had no problems. Fix was
checked in on 2001-08-09 15:32 so I'm reopening - Sorry David!
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 12•23 years ago
|
||
The way I understand this bug, one can't connect to sites whose ssl cert is
governed by a crl that has expired. The fix is to show a dialog in that case
rather than failing silently. To verify the fix, one needs to install an
expired CRL, which applies to a known site, then go and visit said site, and see
that rather than failing silently we get the dialog that David created.
QA please revisit this.
Comment 13•23 years ago
|
||
Marking back as FIXED until there's either a compelling case for REOPENED or
it's VERIFIED.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 14•23 years ago
|
||
There is no such thing as an expired cert. Please see bug 94013 for details.
This code and UI needs to take that into account.
nextUpdate time does not mean "expired".
Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 15•23 years ago
|
||
Comment 16•23 years ago
|
||
+ rv = NS_ERROR_FAILURE;;
remove the extra ;
+ <button id="ok-button" class="dialog" label="&ok.label;" primary="true"
+ onclick="doOK();" disabled="false"/>
you shouldn't need to set disabled=false on buttons
+<!ENTITY serverCrlNextupdate.message "Please ask your system administrator for
assistance">
This is a bit unhelpful for a home user, but I can't think of anything better
at the moment, so this will be ok.
Fix the first two items I mentioned and r=bryner.
Assignee | ||
Comment 17•23 years ago
|
||
Comment 18•23 years ago
|
||
Check if you need flex in the xul. Other than that, sr=tor.
Assignee | ||
Comment 19•23 years ago
|
||
Assignee | ||
Updated•23 years ago
|
Comment 20•23 years ago
|
||
a=asa on behalf of drivers
Assignee | ||
Comment 21•23 years ago
|
||
Patch checked in. Marking FIXED.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 22•23 years ago
|
||
In order to test this, download the the RSASecureServer.crl file from
crl.verisign.com and host the file on a web server that has the mime type
application/x-pkcs7-crl. Download the crl into your browser, set your computer
clock forward by about 6 months and then visit https://www.verisign.com.
Comment 23•23 years ago
|
||
There are multiple problems with the xul in this patch, so reopening. First of
all, though, why must this alert be hand-rolled? Why can't it use the existing
CommonDialog infrastructure?
In the future, please have someone intimately familiar with xul review a change
such as this.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 24•23 years ago
|
||
Making future.
What specific problems are there for this dialog. Is the functionality broken?
Target Milestone: 2.1 → Future
Comment 25•23 years ago
|
||
OS > all
OS: Windows 2000 → All
QA Contact: ckritzer → junruh
Hardware: PC → All
Version: 2.0 → 2.1
Comment 26•23 years ago
|
||
I am also seeing this problem when trying to access my account on
www.amazon.co.uk.
To reproduce:
- go to http://www.amazon.co.uk
- click on the "Sign In" link
- enter username and password
- click "continue using secure server"
Actual result: dialog warning: "www.amazon.co.uk was not found. Please check the
name and try again."
Expected result: account home page loaded
O/S WinNT SP5
Mozilla 0.9.5 Build ID: 2001101117
I am yet to find a site using SSL that I _can_ access.
Comment 27•23 years ago
|
||
Please ignore previous comment. I've just discovered I had not created the
correct entry for the SSL proxy; I can now access SSL sites. Apologies.
Comment 28•22 years ago
|
||
I this still an issue?
I am able to connect to https sites, although I have an expired CRL for the CA
that issued that sites cert.
Marking worksforme. Please verify.
As I believe, we no longer inhibit connecting to a site because of an expired
CRL, we do not need an error message for that situation.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 22 years ago
Resolution: --- → WORKSFORME
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•