Opened 8 years ago

Closed 11 months ago

#3776 closed enhancement (wontfix)

Please provide a single-checkbox mechanism to enable CACert rules (and other categories of rules)

Reported by: josh Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

HTTPS Everywhere ships various disabled-by-default rules for sites with CACert certificates. I'd love to see a single-checkbox mechanism to enable such rules, along with any new rules which appear in that category, without having to manually do so for each rule. (I use HTTPS Everywhere on Debian, which ships and trusts the CACert certificate by default.)

More generally, I'd love to see a mechanism for tagging rules with various categories, and then selecting categories to enable or disable by default. This would cover the requests for enabling rules that break sites a bit to add security, as well as cases like CACert or other less-widely-accepted certificate providers.

Child Tickets

Change History (7)

comment:1 Changed 8 years ago by josh

Component: - Select a componentEFF-HTTPS Everywhere
Owner: set to pde

comment:2 Changed 7 years ago by pde

There is now a one-line place to make this change in the source code.  Perhaps this could also be controlled by an about:config variable, if anyone is excited enough to write a patch.  The variable should probably be absent/empty by default, and it should preserve the nice clean spot in the source where package maintainers (like Debian downstream) can patch this in their builds.

diff --git a/src/chrome/content/code/HTTPSRules.js b/src/chrome/content/code/HTTPSRules.jsindex e3eed81..8a6b21b 100644--- a/src/chrome/content/code/HTTPSRules.js+++ b/src/chrome/content/code/HTTPSRules.js@@ -16,7 +16,7 @@ function CookieRule(host, cookiename) {   this.name_c = new RegExp(cookiename); }-localPlatformRegexp = new RegExp("firefox");+localPlatformRegexp = new RegExp("firefox|cacert"); ruleset_counter = 0; function RuleSet(name, xmlName, match_rule, default_off, platform) {   this.id="httpseR" + ruleset_counter;

comment:3 Changed 7 years ago by pde

Urgh, pach formatting failure.

diff --git a/src/chrome/content/code/HTTPSRules.js b/src/chrome/content/code/HTTPSRules.js
index e3eed81..8a6b21b 100644
--- a/src/chrome/content/code/HTTPSRules.js
+++ b/src/chrome/content/code/HTTPSRules.js
@@ -16,7 +16,7 @@ function CookieRule(host, cookiename) {
   this.name_c = new RegExp(cookiename);
 }

-localPlatformRegexp = new RegExp("firefox");
+localPlatformRegexp = new RegExp("firefox|cacert");
 ruleset_counter = 0;
 function RuleSet(name, xmlName, match_rule, default_off, platform) {
   this.id="httpseR" + ruleset_counter;

comment:4 Changed 20 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:5 in reply to:  3 Changed 11 months ago by cypherpunks3

That "one-line place" no longer exists since https everywhere deleted their legacy extension code and became a pure WebExtension in 2017.

The 'cacert' pseudo-platform was also removed:

https://www.eff.org/files/Changelog.txt

2018.3.13
  * The unused `cacert` platform was removed from rulesets for simplicity
  * Organizing the add-on files into a clean directory structure
  * Ruleset updates

And the need for CAcert as a CA seems a lot less than it was in 2011 when this ticket was filed, now that Let's Encrypt exists. Can this be closed?

comment:6 Changed 11 months ago by josh

Fine by me; Let's Encrypt certainly makes this unnecessary for me, and I haven't run into a site using CACert in a long time.

And HTTPS Everywhere seems to already have a single-checkbox for other categories, such as "Enable mixed-content rules".

Feel free to close this.

comment:7 Changed 11 months ago by teor

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.