← Back to team overview

ubuntu-apps-bugs team mailing list archive

[Bug 1227055] Re: unhelpful error message on SSL errors

 

** Changed in: webbrowser-app
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Apps bug tracking, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1227055

Title:
  unhelpful error message on SSL errors

Status in Web Browser App:
  Fix Released
Status in “webbrowser-app” package in Ubuntu:
  Fix Released
Status in “webbrowser-app” source package in Saucy:
  Fix Released

Bug description:
  Currently webbrowser-app shows the following on certificate errors:

  "Network Error

  It appears you are having trouble viewing: https://localhost:4443/.
  Ubuntu suggests you check your network settings and try refreshing the page.

  [Refresh page]"

  Contrast that to chromium-browser's error:
  "The site's security certificate is not trusted!

  You attempted to reach localhost, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chromium cannot rely on for identity information, or an attacker may be trying to intercept your communications.
  You should not proceed, especially if you have never seen this warning before for this site.

  [Proceed anyway]  [Back to safety]

  + Help me understand"

  Firefox has similar functionality.

  To fix this bug, only the error message needs to be adjusted. Ideally we might provide a better user experience with "Proceed anyway", but this should be discussed with the security team first since there are differing philosophies on ease of use of use vs "possible to proceed but difficult" as well as caching the result. If implementing this, you might be interested in:
  http://developer.nokia.com/Community/Wiki/How_to_ignore_ssl_errors_to_get_https_website_work_on_QML_Webview

  Basically, webbrowser-app would always default to honoring SSL
  verification, but if the user selected "Proceed anyway", then you
  would use onIgnoreSSLErrors for that site, for that tab/view, for that
  session.

  Test case:
   1. untar the attached test-ca.tar.gz in /tmp
   2. start a server:
       $ /usr/bin/gnutls-serv --http -p 4443 --x509keyfile /tmp/test-ca/localhost-key.pem --x509certfile /tmp/test-ca/localhost.pem --x509cafile /tmp/test-ca/test-ca.pem
   3. point webbrowser-app at it:
       $ webbrowser-app https://localhost:4443/

To manage notifications about this bug go to:
https://bugs.launchpad.net/webbrowser-app/+bug/1227055/+subscriptions