The SSL Observatory client should listen for and submit invalid certs

[pde]

There's an API for doing so here:

​https://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsIBadCertListener2.idl

[pde]

<keeler> I should mention we're trying to deprecate nsIBadCertListener2 - you should be able to do what it does by opening a connection and receiving events on its channel
<keeler> I've done a similar thing in test_ocsp_stapling.js in ​https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=700693&attachment=747679
<pde> keeler: by "opening a connection" to you mean making a ghost https request for every https domain the browser connects to?
<pde> s/to/do
<pde> ?
<keeler> oh, no - that would be a bit of a bummer. I just meant for an individual request
<keeler> I guess nsIBadCertListener2 is the only way to do it wholesale
<pde> keeler: is there a bug we can watch for the future of nsIBadCertListener2?
<keeler> pde: hmmm - maybe I was wrong about that. We removed some unnecessary implementations of it in bug 750421, but I don't think there's a bug on removing the interface entirely yet
<firebot> Bug ​https://bugzilla.mozilla.org/show_bug.cgi?id=750421 enh, --, mozilla22, bsmith, RESO FIXED, Remove unnecessary nsIBadCertListener2 and nsISSLErrorListener implementations
<bsmith> keeler pde: which interface?
<keeler> nsIBadCertListener2
<bsmith> keeler pde: it is possible to get the effect of nsIBadCertListener2 using other callbacks.
<keeler> bsmith: for all connections?
<bsmith> keeler: I think you can use nsIWebProgressListener and similar, in all contexts that oyu can use nsIBadCertListener2
<keeler> oh yeah

[pde]

A draft implementation is in ​this branch. Dan, when you get a chance do you want to see if this looks ok and decide what you'd like to do to flag invalidity in these submissions?

[teor]

Set all open tickets without a severity to "Normal"