ubuntu-webapps-bugs team mailing list archive
Message #04018
[Bug 1574799] [NEW] Additional certificate error types
Public bug reported:
We should add support for the following additional flags in
OxideQSecurityStatus::CertStatus:
- net::CERT_STATUS_NON_UNIQUE_NAME (The identity of the server can't be validated because it doesn't have a FQDN).
- net::CERT_STATUS_PINNED_KEY_MISSING (The certificate doesn't match the one expected).
- net::CERT_STATUS_VALIDITY_TOO_LONG (The certificate is valid for too long - 10 years for those issued before 1/7/1012, 5 years for those after and 39 months for those after 1/4/2015)
These currently map to OxideQSecurityStatus::CertStatusGenericError.
In addition to that, we should add support for the following related
errors in OxideQCertificateError::Error:
- net::ERR_CERT_NON_UNIQUE_NAME
- net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
- net::ERR_CERT_VALIDITY_TOO_LONG
These currently map to OxideQCertificateError::ErrorGeneric.
I'm not sure how best to add these without affecting existing clients.
** Affects: oxide
Importance: Low
Status: Triaged
** Changed in: oxide
Importance: Undecided => Low
** Changed in: oxide
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1574799
Title:
Additional certificate error types
Status in Oxide:
Triaged
To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1574799/+subscriptions
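
The validity-period limits quoted in the report, worked through as an added C++ example (not code from Oxide or Chromium). It assumes the report's dates are day/month, reads "1/7/1012" as 1 July 2012, and treats each cutoff date as belonging to the stricter tier; all type and function names are hypothetical.

```cpp
#include <cstdio>
#include <tuple>

struct Date { int year, month, day; };  // calendar date, UTC (example type)

static bool on_or_after(const Date& a, const Date& b) {
    return std::tie(a.year, a.month, a.day) >= std::tie(b.year, b.month, b.day);
}

// Maximum lifetime in months for a certificate issued on `issued`.
// Assumption: the cutoff dates themselves fall into the stricter tier.
int max_validity_months(const Date& issued) {
    if (on_or_after(issued, Date{2015, 4, 1})) return 39;
    if (on_or_after(issued, Date{2012, 7, 1})) return 60;   // 5 years
    return 120;                                             // 10 years
}

// Months from notBefore to notAfter; a partial trailing month counts as a whole one.
int validity_months(const Date& nb, const Date& na) {
    int months = (na.year - nb.year) * 12 + (na.month - nb.month);
    if (na.day > nb.day) ++months;
    return months;
}

// True when the certificate would be flagged as valid for too long.
// An inverted range (notAfter before notBefore) is also flagged: example policy.
bool validity_too_long(const Date& nb, const Date& na) {
    if (!on_or_after(na, nb)) return true;
    return validity_months(nb, na) > max_validity_months(nb);
}

int main() {
    // Constructed sample certificates: {notBefore, notAfter}.
    const Date samples[][2] = {
        {{2011, 1, 1}, {2021, 1, 1}},   // 120 months, 10-year tier
        {{2013, 3, 15}, {2018, 3, 15}}, // 60 months, 5-year tier
        {{2015, 4, 1}, {2018, 7, 2}},   // 39 months plus a day, 39-month tier
        {{2016, 1, 1}, {2021, 1, 1}},   // 60 months, 39-month tier
    };
    for (const auto& s : samples) {
        std::printf("%04d-%02d-%02d..%04d-%02d-%02d: %d months, limit %d, %s\n",
                    s[0].year, s[0].month, s[0].day, s[1].year, s[1].month, s[1].day,
                    validity_months(s[0], s[1]), max_validity_months(s[0]),
                    validity_too_long(s[0], s[1]) ? "too long" : "ok");
    }
    return 0;
}
```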