danwent / Perspectives

Perspectives Firefox Extension
http://perspectives-project.org

Add distrust all Authorities button #132

Open ghost opened 10 years ago

ghost commented 10 years ago

Similar to #131, add a "Distrust all default Authorities" button to Perspectives (as it's unlikely that this functionality will be added to Firefox soon) which distrusts all default Authorities in the certificate store. The button should also display a security warning like "This will distrust all Authorities. All secured websites are going to fail with a certificate security exception until they have been verified by Perspectives. If you are sure please enter the following sentence: 'The CA system is broken'." We should also add a help text which explains how to restore the default CAs or retrust them.

ghost commented 10 years ago

Here are my developer notes:

http://www.oxymoronical.com/experiments/apidocs/platform/1.9.2a1pre/interface/nsIX509CertDB
http://www.oxymoronical.com/experiments/apidocs/platform/1.9.2a1pre/interface/nsIX509Cert

certDB.isCertTrusted(cert, certType, trustType)
certDB.setCertTrust (cert, certType, trustType)

nsIX509Cert certType
UNKNOWN_CERT = 0
CA_CERT      = 1
USER_CERT    = 2
EMAIL_CERT   = 4
SERVER_CERT  = 8

nsIX509CertDB trustType
UNTRUSTED       = 0
TRUSTED_SSL     = 1
TRUSTED_EMAIL   = 2
TRUSTED_OBJSIGN = 4

certDB.setCertTrust(cert, 1|2|4|8, 0); // doesn't work

using CertDB1

```javascript
var certDB1 = Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB);
var certNameList = {};
certDB1.findCertNicknames(null, 0, {}, certNameList);
var certNames = certNameList.value;
certDB1.findCertByNickname(...)
```

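
Added example (not part of the issue and not Perspectives code): one way to pair the distrust action with the restore step the issue asks for, by saving each certificate's trust mask through `isCertTrusted` before calling `setCertTrust`. It assumes the CA certificates are already enumerated as objects exposing `sha1Fingerprint`, and that passing `CA_CERT` alone as the certType is acceptable (an assumption, not a confirmed fix for the call the notes mark as not working); `makeFakeCertDB` is a constructed stand-in so the logic runs outside Firefox.

```javascript
// Added example. Constants are the ones listed in the notes above.
const CA_CERT = 1;
const UNTRUSTED = 0, TRUSTED_SSL = 1, TRUSTED_EMAIL = 2, TRUSTED_OBJSIGN = 4;
const USAGES = [TRUSTED_SSL, TRUSTED_EMAIL, TRUSTED_OBJSIGN];

// Build the current trust mask of one certificate, one usage bit at a time.
function readTrust(certDB, cert) {
  let mask = UNTRUSTED;
  for (const usage of USAGES) {
    if (certDB.isCertTrusted(cert, CA_CERT, usage)) mask |= usage;
  }
  return mask;
}

// Distrust every certificate in caCerts and return { fingerprint: oldMask }
// so the previous state can be put back. Already-untrusted certs are skipped.
function distrustAll(certDB, caCerts) {
  const backup = {};
  for (const cert of caCerts) {
    const previous = readTrust(certDB, cert);
    if (previous === UNTRUSTED) continue;
    backup[cert.sha1Fingerprint] = previous;
    certDB.setCertTrust(cert, CA_CERT, UNTRUSTED);
  }
  return backup;
}

// Re-apply the saved masks; returns how many certificates were restored.
function restoreAll(certDB, caCerts, backup) {
  let restored = 0;
  for (const cert of caCerts) {
    const previous = backup[cert.sha1Fingerprint];
    if (previous === undefined) continue;
    certDB.setCertTrust(cert, CA_CERT, previous);
    restored++;
  }
  return restored;
}

// Constructed in-memory stand-in for nsIX509CertDB (hypothetical helper),
// keyed by fingerprint, so the logic can be exercised outside Firefox.
function makeFakeCertDB(initial) {
  const trust = new Map(Object.entries(initial));
  return {
    isCertTrusted: (cert, certType, trustType) =>
      (trust.get(cert.sha1Fingerprint) & trustType) !== 0,
    setCertTrust: (cert, certType, mask) => { trust.set(cert.sha1Fingerprint, mask); },
  };
}
```
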
daveschaefer commented 10 years ago

Hi @lambdor, thanks for working on the code for this, but in the future please do not close tickets until the work has been merged into the master branch and released in an update. This helps to keep track of what work still needs to be completed. Thanks.

ghost commented 10 years ago

Got it!

daveschaefer commented 10 years ago

Fascinating idea for a feature :) I think this fits well with Perspectives' goals as a project.

I'm keeping development comments in the changelist from the pull request.

daveschaefer commented 10 years ago

As discussed, this is in the code but hidden until #143 is fixed. Leaving issue open until it is actually rolled out in a release.