unhelpful error message on SSL errors
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
webbrowser-app |
Fix Released
|
High
|
Adnane Belmadiaf | ||
webbrowser-app (Ubuntu) |
Fix Released
|
High
|
Olivier Tilloy | ||
Saucy |
Fix Released
|
High
|
Olivier Tilloy |
Bug Description
Currently webbrowser-app shows the following on certificate errors:
"Network Error
It appears you are having trouble viewing: https:/
Ubuntu suggests you check your network settings and try refreshing the page.
[Refresh page]"
Contrast that to chromium-browser's error:
"The site's security certificate is not trusted!
You attempted to reach localhost, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chromium cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You should not proceed, especially if you have never seen this warning before for this site.
[Proceed anyway] [Back to safety]
+ Help me understand"
Firefox has similar functionality.
To fix this bug, only the error message needs to be adjusted. Ideally we might provide a better user experience with "Proceed anyway", but this should be discussed with the security team first since there are differing philosophies on ease of use of use vs "possible to proceed but difficult" as well as caching the result. If implementing this, you might be interested in:
http://
Basically, webbrowser-app would always default to honoring SSL verification, but if the user selected "Proceed anyway", then you would use onIgnoreSSLErrors for that site, for that tab/view, for that session.
Test case:
1. untar the attached test-ca.tar.gz in /tmp
2. start a server:
$ /usr/bin/
3. point webbrowser-app at it:
$ webbrowser-app https:/
Related branches
- PS Jenkins bot: Approve (continuous-integration)
- Olivier Tilloy: Approve
-
Diff: 57 lines (+42/-0)2 files modifiedsrc/app/Browser.qml (+1/-0)
src/app/CertificateVerificationDialog.qml (+41/-0)
Changed in webbrowser-app (Ubuntu Saucy): | |
status: | New → Confirmed |
Changed in webbrowser-app: | |
assignee: | nobody → Adnane Belmadiaf (daker) |
Changed in webbrowser-app: | |
importance: | Undecided → High |
Changed in webbrowser-app (Ubuntu Saucy): | |
importance: | Undecided → High |
Changed in webbrowser-app (Ubuntu Saucy): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in webbrowser-app: | |
status: | Confirmed → In Progress |
Changed in webbrowser-app: | |
status: | Fix Committed → Fix Released |
It appears we need to provide a custom component for the experimental. certificateVeri ficationDialog property of the webview to deal with certificate verification.
The interface for this custom component exposes a "hostname" property, as well as two slots: "accept()" and "reject()".