Better (better? there are none!) dialog for SSL / https sites

[ywwg]

(btw, I thought I already filed this bug, but I can't find it. Sorry if this is a repeat)

My email is self-hosted, and I don't have an official web certificate for https. Because of this, mozilla pops up a confirmation dialog asking if I want to accept the certificate anyway. In the web activity, the OK / Cancel buttons in this dialog are non-functional, preventing me from getting to the website and checking my email.

Steps to reproduce:

1. go to my webmail server.
2. olpc asks if you want to accept the certificate
3. click OK

Expected results:

1. dialog is dismissed, website loads

actual results:

1. nothing happens.

Other notes: other ok/cancel dialogs popped up by the mozilla component do work, but I can't remember an example right now :(.

[jg]

This one is pretty high priority...

[cshields]

I ran into this one today trying out the B2 (Build 239). Our online registration system for new wireless devices uses a self signed cert (ugh) and this came up where I was unable to accept the certificate. I have since updated to build 299 and will try it again next time I am in the office.. Testing it here with the new build, it seems to accept with no question at all the link that ywwg provides now (as opposed to any popup at all about the cert).

Also, tested against a self-signed cert site with an expired cert (usually throws 2 dialog boxes for acceptance in other browsers) and the Web activity accepts no questions asked. This may or may not be the desired outcome, but as for the original bug reported it is no longer the case in 299.

Cheers!

-Corey

[cjb]

Marco, can you tell us whether accepting unverifiable SSL certs was the intention here?

[marco]

Not intentional, this should just work as it does in firefox. Do you still see it on the latest image?

[JeremyVisser]

I could reproduce this on one of the demo XO machines at linux.conf.au while trying to access the Internet.

linux.conf.au used a hotspot-style authentication, which required you to log on over a self-signed SSL connection before accessing the Internet. Because I couldn't accept the certificate, I couldn't get onto the 'net.

[AlbertCahalan]

Replying to marco:

Not intentional, this should just work as it does in firefox. Do you still see it on the latest image?

Regular firefox does this in a most user-unfriendly way. It can throw at least 2 complicated dialog boxes at the user, probably even 3.

Good behavior would be to simply do whatever crypto is required to make the server happy. Any sort of security icon should of course indicate that the connection is NOT trusted, despite the crypto. (eh, there doesn't seem to be any such icon at all, so no problem with wrongly claiming trust but this isn't a good situation either)

[marco]

Reassign to tomeu since he is working on hooking up the XUL dialogs in hulahop.

[tomeu]

Right now we'll load the site without asking anything.

Eben: should we implement something like the non-modal alert in http://wiki.laptop.org/go/Image:Activity_browse_alert.jpg?

[marco]

I'd say to just use whatever mozilla give us for Gen1, it's a side case anyway. The mozilla security UI needs to be redesigned, but that needs to happen upstream.

[tomeu]

We're now using standard mozilla dialogs. Will implement Eben's ideas after Trial2.

[kimquirk]

Moving to Trial-3; I think it should be high priority.

[Eben]

The alert referenced by Tomeu above and in the screenshot on the wiki would be a great way to handle this. As such, I think this is now an implementation ticket, regardless of how soon we can actually get it into the builds.

[marco]

Updating the title to match the status. Resetting to untriaged. (It would be better to just open separate tickets in these cases IHMO).

I suggest punting this to Gen2.

[marco]

Eben, I'm not sure how much flexibility the firefox API give us here. But anyway we need a concrete design and then try to figure that out. i.e. what is the dialog going to ask to the user, which informations are going to be displayed etc.

I'd suggest to play with the current UI and list the changes you would like to make.

[tomeu]

Just for reference, I think this is the hook that mozilla gives to us for this:

http://www.xulplanet.com/references/xpcomref/ifaces/nsIBadCertListener.html

Somewhat related, perhaps we can use this other one for other alerts:

http://www.xulplanet.com/references/xpcomref/ifaces/nsIPromptService.html

But yeah, we need first to decide what kind of interaction we can have with the user, related to certificates.

[Eben]

So, using the alert style spec'd in #2822, I think we'll want to make the text more concise. Glancing at the API linked above, here's my tentative suggestions:

Alert Title (for all):

• Untrusted Website

Alert Descriptions:

• The certificate for <url> has expired.
• The supplied certificate for <url> does not include <url>.
• The issuer of the certificate for <url> isn't known.
• The certificate for <url> may be revoked.

Buttons:

• Continue: Trust the certificate temporarily (for this session) and continue to the website
• Inspect: View the certificate in detail (may require non-modal/fullscreen alert support?)
• Cancel: Don't trust the certificate; remain at the current page.

Should we offer a "Always trust" option in any manner? The spec for the non-modal alerts doesn't support adding other controls (such as a checkbox), but that might not be a problem. It doesn't seem unreasonable to force one to inspect the certificate to verify it before always trusting it, and the design for the modal fullscreen alert should be more like a palette, supporting any kind of controls inside it. In any case, I think the "always trust" option is an enhancement for the future, even though we're technically obliged to show the details of the certificate...

[jg]

I ran into this one at MIT today (just trying to get to their web page to authorize web access).

I think in self defense we'd better fix this one pretty soon, since it can so completely block access to some web sites...

[ywwg]

with the changes to mozilla this bug is a big issue again in the latest joyrides. Now there's an error page that tells me I can add an exception, but when I click that link the error page just tells me I'm supposed to go to my preferences page to make the exception. Since browse-activity doesn't have a preferences page, this bug is blocking me again.

[rharrison]

Page Load Error screen shot

[rharrison]

This bug seems to be preventing me from accessing the wireless network here at work. Our CA cert isn't included in the normal default certs. Since I'm not given a pop up dialog I can't accept the cert to continue and get onto our guest wireless network login page. I had to download the opera browser rpms to a usb key and using it instead to log on.

Tested with builds 650 and 653. This seems like a pretty critical bug that needs to be addressed in Update.1 as many sites will cause this error.

[sj]

see also #5534 for a related set of issues with alerts. We should also document how users can hack around this problem.

[vorburger]

This problem really is a pain! Priority Blocker may be a bit harsh, but it does "block" you to get online at Wireless access networks that have some kind of web sign-up and use a self-signed cert. Just happened to me when presenting the XO at a university campus.

This is probably plainly simply a duplicate of #5534... (or #5534 should be a duplicate of this #542, because this one is older) - this isn't about "Better dialog for SSL / https sites" but about handling it at all. At least in Build 656, Browse does NOT "ask if you want to accept the certificate" anymore (as the initial description above says) but gives that Mozilla error described at e.g. http://wiki.laptop.org/go/Ask_OLPC_a_Question_about_the_XO#Browser_issue_with_SSL_warning_about_invalid_security_certificate

I took the liberty to at least change the Summary. Somebody else should do the duplication and close this (or the other way), I don't dare.

PS: A hack around this problem seems to be described at http://wiki.laptop.org/go/Talk:Browse#Adding_Authorities_for_SSL_support by somebody.

PPS: I put links on http://wiki.laptop.org/go/Ask_OLPC_a_Question_about_the_XO#Browser_issue_with_SSL_warning_about_invalid_security_certificate

[erikos]

This works fine for me in joyride 2107 which contains the latest version of hulahop which is needed and with the latest version of browse Web-91. I tested with https://nic.mit.edu:444 with https://mozilla.org and with linuxtag.org/vcc.

The interface to add exceptions is the same F3 is using.