Opened 6 years ago

Last modified 18 months ago

#8957 needs_review enhancement

The SSL Observatory client should listen for and submit invalid certs

Reported by: pde Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: dtauerbach Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by pde

<keeler> I should mention we're trying to deprecate nsIBadCertListener2 - you should be able to do what it does by opening a connection and receiving events on its channel
<keeler> I've done a similar thing in test_ocsp_stapling.js in https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=700693&attachment=747679
<pde> keeler: by "opening a connection" to you mean making a ghost https request for every https domain the browser connects to?
<pde> s/to/do
<pde> ?
<keeler> oh, no - that would be a bit of a bummer. I just meant for an individual request
<keeler> I guess nsIBadCertListener2 is the only way to do it wholesale
<pde> keeler: is there a bug we can watch for the future of nsIBadCertListener2?
<keeler> pde: hmmm - maybe I was wrong about that. We removed some unnecessary implementations of it in bug 750421, but I don't think there's a bug on removing the interface entirely yet
<firebot> Bug https://bugzilla.mozilla.org/show_bug.cgi?id=750421 enh, --, mozilla22, bsmith, RESO FIXED, Remove unnecessary nsIBadCertListener2 and nsISSLErrorListener implementations
<bsmith> keeler pde: which interface?
<keeler> nsIBadCertListener2
<bsmith> keeler pde: it is possible to get the effect of nsIBadCertListener2 using other callbacks.
<keeler> bsmith: for all connections?
<bsmith> keeler: I think you can use nsIWebProgressListener and similar, in all contexts that oyu can use nsIBadCertListener2
<keeler> oh yeah

comment:2 Changed 6 years ago by pde

Status: newneeds_review

A draft implementation is in this branch. Dan, when you get a chance do you want to see if this looks ok and decide what you'd like to do to flag invalidity in these submissions?

comment:3 Changed 18 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.