search

danwent / Perspectives

Perspectives Firefox Extension
http://perspectives-project.org
66 stars 19 forks source link

4.2 responds to security success due to cert exception as to a security error #35

Open bughit opened 13 years ago

bughit commented 13 years ago

and tries to contact notaries (when configured to contact on error). Fx 5.0

There is no Fx security error with an appropriate certificate exception.

danwent commented 13 years ago

hello, can you clarify this bug report a bit? Can you specify exactly what options you have enabled, what behavior you would expect, and what happened instead? Screenshots would be great (there does not seem to be a way to attach items to github bug reports, so perhaps email is best).

My one guess of what you were reporting is that you had selected "Contact Notaries only when a website's certificate causes a security error", yet when you went to a site like https://www.wellsfargo.com that does not cause a security error, perspectives still contacted to the notaries (e.g., you saw the perspectives icon show the progress spinner and results). I tried to reproduce such an issue on my machine and could not, so perhaps I am misunderstanding you.

bughit commented 13 years ago

The most reliable way to repro this is with Fx 4.0.1, because there is an additional problem in 5.0, the notaries contact alert seems to sometimes/frequently either rapidly auto close or not open at all

  1. Fx 4.0.1, new profile
  2. install perspectives 4.2, restart
  3. set options: auto override sec errors: off contact notaries: only errors always ask: on
  4. go to https://www.sqlite.org/, "connection is untrusted" page opens and perspectives shows the contact notaries alert. In Fx 5.0 this alert never shows, there is some vertical shifting of the page that indicates that it may be opening and closing rapidly.
  5. from the "connection is untrusted" page add a permanent exception
  6. restart Fx and go to https://www.sqlite.org/ again, the page opens without error due to the exception, but perspectives still shows the contact notaries alert.
bughit commented 13 years ago

Are you able to repro?

danwent commented 13 years ago

I am not seeing problems on Perspectives 4.2 for the "contact notaries?" alert drop-down. I have tested on OS X and Linux, can you tell me more about your platform?

I don't have access to FF 4.0.1, but I will try to get a hold of it.

Thanks,

Dan

On Tue, Jul 5, 2011 at 10:01 AM, bughit reply@reply.github.com wrote:

The most reliable way to repro this is with Fx 4.0.1, because there is an additional problem in 5.0, the notaries contact alert seems to sometimes/frequently either rapidly auto close or not open at all

  1. Fx 4.0.1, new profile
  2. install perspectives 4.2, restart
  3. set options:        auto override sec errors: off        contact notaries: only errors        always ask: on
  4. go to https://www.sqlite.org/, "connection is untrusted" page opens and perspectives shows the contact notaries alert.  In Fx 5.0 this alert never shows, there is some vertical shifting of the page that indicates that it may be opening and closing rapidly.
  5. from the "connection is untrusted" page add a permanent exception
  6. restart Fx and go to https://www.sqlite.org/ again, the page opens without error due to the exception, but perspectives still shows the contact notaries alert.

Reply to this email directly or view it on GitHub: https://github.com/danwent/Perspectives/issues/35#issuecomment-1505211

Dan Wendlandt
650-906-2650
http://www.cs.cmu.edu/~dwendlan/
4250 El Camino Real, Apt A306
Palo Alto, CA 94306
bughit commented 13 years ago

I am on xp sp3. Fx 4.0.1 is on the mozilla ftp

https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/4.0.1/

So are you saying that when you initially go to https://www.sqlite.org/ and get the untrusted page, you do see the contact notaries alert, but when you go there again after adding a permanent exception and restarting Fx, the page opens successfully and you no longer get the contact notaries alert?

I get the alert every time I start Fx and open https://www.sqlite.org/

daveschaefer commented 10 years ago

Hi @bughit - this is a pretty old bug, are you still seeing this behaviour? I am unable to reproduce this in Firefox 33, but it's quite possible the certificate status for sqlite.org has changed since 2011.

If you are still seeing this on any site please let me know. Otherwise if this has been fixed I will close the ticket. Thanks!