ubuntu-webapps-bugs team mailing list archive

[Bug 1574799] [NEW] Additional certificate error types

 

Public bug reported:

We should add support for the following additional flags in
OxideQSecurityStatus::CertStatus:

- net::CERT_STATUS_NON_UNIQUE_NAME (The identity of the server can't be validated because it doesn't have a FQDN).
- net::CERT_STATUS_PINNED_KEY_MISSING (The certificate doesn't match the one expected).
- net::CERT_STATUS_VALIDITY_TOO_LONG (The certificate is valid for too long - 10 years for those issued before 1/7/1012, 5 years for those after and 39 months for those after 1/4/2015).

These currently map to OxideQSecurityStatus::CertStatusGenericError.

In addition to that, we should add support for the following related
errors in OxideQCertificateError::Error:

- net::ERR_CERT_NON_UNIQUE_NAME
- net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
- net::ERR_CERT_VALIDITY_TOO_LONG

These currently map to OxideQCertificateError::ErrorGeneric.

I'm not sure how best to add these without affecting existing clients.

** Affects: oxide
     Importance: Low
         Status: Triaged

** Changed in: oxide
   Importance: Undecided => Low

** Changed in: oxide
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1574799
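
The validity limits quoted above for net::CERT_STATUS_VALIDITY_TOO_LONG, written out as an added C++ example that is not part of the bug report and is not Oxide or Chromium code. The `Date` struct and all function names are hypothetical, the dates are read as day/month, and the year written as "1012" is assumed to mean 2012.

```cpp
#include <cstdio>
#include <tuple>

// Calendar date (UTC) taken from a certificate's notBefore / notAfter field.
struct Date {
  int year, month, day;
};

bool Before(const Date& a, const Date& b) {
  return std::tie(a.year, a.month, a.day) < std::tie(b.year, b.month, b.day);
}

// Validity period in months; any partial month counts as a whole month.
int ValidityMonths(const Date& not_before, const Date& not_after) {
  int months = (not_after.year - not_before.year) * 12 +
               (not_after.month - not_before.month);
  if (not_after.day > not_before.day) ++months;
  return months;
}

// Longest validity allowed for a certificate issued on `not_before`.
int MaxValidityMonths(const Date& not_before) {
  const Date kCutoff2012{2012, 7, 1};  // assumed reading of "1/7/1012"
  const Date kCutoff2015{2015, 4, 1};  // "1/4/2015"
  if (Before(not_before, kCutoff2012)) return 10 * 12;  // 10 years
  if (Before(not_before, kCutoff2015)) return 5 * 12;   // 5 years
  return 39;                                            // 39 months
}

// True when the certificate would earn the "validity too long" status.
bool HasTooLongValidity(const Date& not_before, const Date& not_after) {
  // An empty or inverted validity window is rejected outright.
  if (!Before(not_before, not_after)) return true;
  return ValidityMonths(not_before, not_after) > MaxValidityMonths(not_before);
}

int main() {
  // Constructed sample certificates: {notBefore, notAfter}.
  const Date samples[][2] = {
      {{2011, 1, 1}, {2021, 1, 1}},   // 120 months, 10-year era: accepted
      {{2013, 6, 15}, {2018, 6, 16}}, // 61 months, 5-year era: too long
      {{2016, 1, 1}, {2021, 1, 1}},   // 60 months, 39-month era: too long
  };
  for (const auto& s : samples) {
    std::printf("%04d-%02d-%02d: %s\n", s[0].year, s[0].month, s[0].day,
                HasTooLongValidity(s[0], s[1]) ? "too long" : "ok");
  }
  return 0;
}
```
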
