8 files changed, 24 insertions, 204 deletions
diff --git a/application/basilisk/base/content/aboutNetError.xhtml b/application/basilisk/base/content/aboutNetError.xhtml index 609725c9e..f28e2365f 100644 --- a/application/basilisk/base/content/aboutNetError.xhtml +++ b/application/basilisk/base/content/aboutNetError.xhtml @@ -123,13 +123,6 @@ document.getElementById("advancedButton") .addEventListener("click", function togglePanelVisibility() { toggleDisplay(panel); - if (gIsCertError) { - // Toggling the advanced panel must ensure that the debugging - // information panel is hidden as well, since it's opened by the - // error code link in the advanced panel. - var div = document.getElementById("certificateErrorDebugInformation"); - div.style.display = "none"; - } if (panel.style.display == "block") { // send event to trigger telemetry ping @@ -149,11 +142,6 @@ if (getCSSClass() == "expertBadCert") { toggleDisplay(document.getElementById("badCertAdvancedPanel")); - // Toggling the advanced panel must ensure that the debugging - // information panel is hidden as well, since it's opened by the - // error code link in the advanced panel. - var div = document.getElementById("certificateErrorDebugInformation"); - div.style.display = "none"; } disallowCertOverridesIfNeeded(); @@ -312,7 +300,7 @@ } } - addDomainErrorLinks(); + addDomainErrorLink(); } function initPageCaptivePortal() @@ -329,7 +317,7 @@ addAutofocus("openPortalLoginPageButton"); setupAdvancedButton(true); - addDomainErrorLinks(); + addDomainErrorLink(); // When the portal is freed, an event is generated by the frame script // that we can pick up and attempt to reload the original page. @@ -353,7 +341,7 @@ let event = new CustomEvent("AboutNetErrorLoad", {bubbles:true}); document.getElementById("advancedButton").dispatchEvent(event); - addDomainErrorLinks(); + addDomainErrorLink(); } /* Only do autofocus if we're the toplevel frame; otherwise we 
@@ -372,16 +360,13 @@ } } - /* Try to preserve the links contained in the error description, like - the error code. - - Also, in the case of SSL error pages about domain mismatch, see if + /* In the case of SSL error pages about domain mismatch, see if we can hyperlink the user to the correct site. We don't want to do this generically since it allows MitM attacks to redirect users to a site under attacker control, but in certain cases it is safe (and helpful!) to do so. Bug 402210 */ - function addDomainErrorLinks() { + function addDomainErrorLink() { // Rather than textContent, we need to treat description as HTML var sdid = gIsCertError ? "badCertTechnicalInfo" : "errorShortDescText"; var sd = document.getElementById(sdid); 
@@ -390,50 +375,28 @@ // sanitize description text - see bug 441169 - // First, find the index of the <a> tags we care about, being + // First, find the index of the <a> tag we care about, being // careful not to use an over-greedy regex. - var codeRe = /<a id="errorCode" title="([^"]+)">/; - var codeResult = codeRe.exec(desc); - var domainRe = /<a id="cert_domain_link" title="([^"]+)">/; - var domainResult = domainRe.exec(desc); - - // The order of these links in the description is fixed in - // TransportSecurityInfo.cpp:formatOverridableCertErrorMessage. - var firstResult = domainResult; - if (!domainResult) - firstResult = codeResult; - if (!firstResult) + var re = /<a id="cert_domain_link" title="([^"]+)">/; + var result = domainRe.exec(desc); + + if (!result) return; // Remove sd's existing children sd.textContent = ""; - // Everything up to the first link should be text content. - sd.appendChild(document.createTextNode(desc.slice(0, firstResult.index))); + // Everything up to the link should be text content. + sd.appendChild(document.createTextNode(desc.slice(0, result.index))); - // Now create the actual links. - if (domainResult) { - createLink(sd, "cert_domain_link", domainResult[1]) - // Append text for anything between the two links. - sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length, codeResult.index))); - } - createLink(sd, "errorCode", codeResult[1]) + // Now create the link itself. + var anchorEl = document.createElement("a"); + anchorEl.setAttribute("id", "cert_domain_link"); + anchorEl.setAttribute("title", result[1]); + anchorEl.appendChild(document.createTextNode(result[1])); + sd.appendChild(anchorEl); - // Finally, append text for anything after the last closing </a>. 
- sd.appendChild(document.createTextNode(desc.slice(desc.lastIndexOf("</a>") + "</a>".length))); - } - - if (gIsCertError) { - // Initialize the error code link embedded in the error message to - // display debug information about the cert error. - var errorCode = document.getElementById("errorCode"); - if (errorCode) { - errorCode.href = "javascript:void(0)"; - errorCode.addEventListener("click", () => { - let debugInfo = document.getElementById("certificateErrorDebugInformation"); - debugInfo.style.display = "block"; - debugInfo.scrollIntoView({block: "start", behavior: "smooth"}); - }, false); - } + // Finally, append text for anything after the closing </a>. + sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length))); } // Initialize the cert domain link. @@ -479,23 +442,8 @@ if (link.href && getCSSClass() != "expertBadCert") { var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel" toggleDisplay(document.getElementById(panelId)); - if (gIsCertError) { - // Toggling the advanced panel must ensure that the debugging - // information panel is hidden as well, since it's opened by the - // error code link in the advanced panel. - var div = document.getElementById("certificateErrorDebugInformation"); - div.style.display = "none"; - } } } - - function createLink(el, id, text) { - var anchorEl = document.createElement("a"); - anchorEl.setAttribute("id", id); - anchorEl.setAttribute("title", text); - anchorEl.appendChild(document.createTextNode(text)); - el.appendChild(anchorEl); - } ]]></script> </head> @@ -628,12 +576,6 @@ </div> - <div id="certificateErrorDebugInformation"> - <button id="copyToClipboard">&certerror.copyToClipboard.label;</button> - <div id="certificateErrorText"/> - <button id="copyToClipboard">&certerror.copyToClipboard.label;</button> - </div> - <!-- - Note: It is important to run the script this way, instead of using - an onload handler. This is because error pages are loaded as 
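Review bot: In the `@@ -390,50 +375,28 @@` hunk the regex is now declared as `var re = …`, but the next added line still calls `domainRe.exec(desc)`, and this same hunk removes the `domainRe` declaration. Unless `domainRe` is defined elsewhere in the file, this throws a ReferenceError whenever this part of `addDomainErrorLink()` runs; the line should read `var result = re.exec(desc);`. The function is called from the page-init paths, and in `initPageCaptivePortal` the call sits before the code described by the "When the portal is freed" comment, so an exception there would presumably skip the rest of that setup and leave the certificate error page partly initialised. The function starts in the previous hunk, and the lines between the two hunks are not visible here.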
diff --git a/application/basilisk/base/content/browser.js b/application/basilisk/base/content/browser.js index 9ec7715fa..031144dfd 100644 --- a/application/basilisk/base/content/browser.js +++ b/application/basilisk/base/content/browser.js @@ -2888,24 +2888,7 @@ var BrowserOnClick = { secHistogram.add(Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_UNDERSTAND_RISKS); } - securityInfo = getSecurityInfo(securityInfoAsString); - let errorInfo = getDetailedCertErrorInfo(location, - securityInfo); - browser.messageManager.sendAsyncMessage( "CertErrorDetails", { - code: securityInfo.errorCode, - info: errorInfo - }); - break; - - case "copyToClipboard": - const gClipboardHelper = Cc["@mozilla.org/widget/clipboardhelper;1"] - .getService(Ci.nsIClipboardHelper); - securityInfo = getSecurityInfo(securityInfoAsString); - let detailedInfo = getDetailedCertErrorInfo(location, - securityInfo); - gClipboardHelper.copyString(detailedInfo); break; - } }, 
@@ -3145,81 +3128,6 @@ function getSecurityInfo(securityInfoAsString) { return securityInfo; } -/** - * Returns a string with detailed information about the certificate validation - * failure from the specified URI that can be used to send a report. - */ -function getDetailedCertErrorInfo(location, securityInfo) { - if (!securityInfo) - return ""; - - let certErrorDetails = location; - let code = securityInfo.errorCode; - let errors = Cc["@mozilla.org/nss_errors_service;1"] - .getService(Ci.nsINSSErrorsService); - - certErrorDetails += "\r\n\r\n" + errors.getErrorMessage(errors.getXPCOMFromNSSError(code)); - - const sss = Cc["@mozilla.org/ssservice;1"] - .getService(Ci.nsISiteSecurityService); - // SiteSecurityService uses different storage if the channel is - // private. Thus we must give isSecureHost correct flags or we - // might get incorrect results. - let flags = PrivateBrowsingUtils.isWindowPrivate(window) ? - Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0; - - let uri = Services.io.newURI(location, null, null); - - let hasHSTS = sss.isSecureHost(sss.HEADER_HSTS, uri.host, flags); - let hasHPKP = sss.isSecureHost(sss.HEADER_HPKP, uri.host, flags); - certErrorDetails += "\r\n\r\n" + - gNavigatorBundle.getFormattedString("certErrorDetailsHSTS.label", - [hasHSTS]); - certErrorDetails += "\r\n" + - gNavigatorBundle.getFormattedString("certErrorDetailsKeyPinning.label", - [hasHPKP]); - - let certChain = ""; - if (securityInfo.failedCertChain) { - let certs = securityInfo.failedCertChain.getEnumerator(); - while (certs.hasMoreElements()) { - let cert = certs.getNext(); - cert.QueryInterface(Ci.nsIX509Cert); - certChain += getPEMString(cert); - } - } - - certErrorDetails += "\r\n\r\n" + - gNavigatorBundle.getString("certErrorDetailsCertChain.label") + - "\r\n\r\n" + certChain; - - return certErrorDetails; -} - -// TODO: can we pull getDERString and getPEMString in from pippki.js instead of -// duplicating them here? 
-function getDERString(cert) -{ - var length = {}; - var derArray = cert.getRawDER(length); - var derString = ''; - for (var i = 0; i < derArray.length; i++) { - derString += String.fromCharCode(derArray[i]); - } - return derString; -} - -function getPEMString(cert) -{ - var derb64 = btoa(getDERString(cert)); - // Wrap the Base64 string into lines of 64 characters, - // with CRLF line breaks (as specified in RFC 1421). - var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n"); - return "-----BEGIN CERTIFICATE-----\r\n" - + wrapped - + "\r\n-----END CERTIFICATE-----\r\n"; -} - var PrintPreviewListener = { _printPreviewTab: null, _tabBeforePrintPreview: null, diff --git a/application/basilisk/locales/en-US/chrome/browser/browser.properties b/application/basilisk/locales/en-US/chrome/browser/browser.properties index aa7a82e4f..f1c39839b 100644 --- a/application/basilisk/locales/en-US/chrome/browser/browser.properties +++ b/application/basilisk/locales/en-US/chrome/browser/browser.properties @@ -679,13 +679,6 @@ weakCryptoOverriding.message = %S recommends that you don’t enter your passwor revokeOverride.label = Don’t Trust This Website revokeOverride.accesskey = D -# LOCALIZATION NOTE (certErrorDetails*.label): These are text strings that -# appear in the about:certerror page, so that the user can copy and send them to -# the server administrators for troubleshooting. -certErrorDetailsHSTS.label = HTTP Strict Transport Security: %S -certErrorDetailsKeyPinning.label = HTTP Public Key Pinning: %S -certErrorDetailsCertChain.label = Certificate chain: - # LOCALIZATION NOTE (pendingCrashReports2.label): Semi-colon list of plural forms # See: http://developer.mozilla.org/en/docs/Localization_and_Plurals # #1 is the number of pending crash reports diff --git a/application/basilisk/locales/en-US/chrome/overrides/netError.dtd b/application/basilisk/locales/en-US/chrome/overrides/netError.dtd index 872847458..55da9a36c 100644 
--- a/application/basilisk/locales/en-US/chrome/overrides/netError.dtd +++ b/application/basilisk/locales/en-US/chrome/overrides/netError.dtd @@ -203,7 +203,6 @@ was trying to connect. --> Strict Transport Security (HSTS) to specify that &brandShortName; may only connect to it securely. As a result, it is not possible to add an exception for this certificate."> -<!ENTITY certerror.copyToClipboard.label "Copy text to clipboard"> <!ENTITY inadequateSecurityError.title "Your connection is not secure"> <!-- LOCALIZATION NOTE (inadequateSecurityError.longDesc) - Do not translate diff --git a/application/basilisk/themes/shared/aboutNetError.css b/application/basilisk/themes/shared/aboutNetError.css index c0b76aa47..168d2e893 100644 --- a/application/basilisk/themes/shared/aboutNetError.css +++ b/application/basilisk/themes/shared/aboutNetError.css @@ -132,16 +132,12 @@ span#hostname { line-height: 16px } -#errorCode:not([href]) { +#errorCode { color: var(--in-content-page-color); cursor: text; text-decoration: none; } -#errorCode[href] { - white-space: nowrap; -} - #badCertTechnicalInfo { overflow: auto; white-space: pre-wrap; @@ -150,20 +146,3 @@ span#hostname { #certificateErrorReporting { display: none; } - -#certificateErrorDebugInformation { - display: none; - background-color: var(--in-content-box-background-hover) !important; - border-top: 1px solid var(--in-content-border-color); - position: absolute; - left: 0%; - top: 100%; - width: 65%; - padding: 1em 17.5%; -} - -#certificateErrorText { - font-family: monospace; - white-space: pre-wrap; - padding: 1em 0; -} diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties index 9c732ce9d..23d7a323c 100755 --- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties +++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties 
@@ -279,8 +279,7 @@ certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S. # LOCALIZATION NOTE (certErrorNotYetValidNow): Do not translate %1$S (date+time certificate will become valid) or %2$S (current date+time) certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S. -# LOCALIZATION NOTE (certErrorCodePrefix2): Do not translate <a id="errorCode" title="%1$S">%1$S</a> -certErrorCodePrefix2=Error code: <a id="errorCode" title="%1$S">%1$S</a> +certErrorCodePrefix=(Error code: %S) P12DefaultNickname=Imported Certificate CertUnknown=Unknown diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp index fe39f4017..0e2238ad0 100644 --- a/security/manager/ssl/TransportSecurityInfo.cpp +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -854,7 +854,7 @@ AppendErrorTextCode(PRErrorCode errorCodeToReport, nsString formattedString; nsresult rv; - rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2", + rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix", params, 1, formattedString); if (NS_SUCCEEDED(rv)) { diff --git a/security/manager/ssl/nsNSSErrors.cpp b/security/manager/ssl/nsNSSErrors.cpp index fc8bd3e31..1613eb4e7 100644 --- a/security/manager/ssl/nsNSSErrors.cpp +++ b/security/manager/ssl/nsNSSErrors.cpp @@ -84,7 +84,7 @@ nsNSSErrors::getErrorMessageFromCode(PRErrorCode err, params[0] = idU.get(); nsString formattedString; - rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2", + rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix", params, 1, formattedString); if (NS_SUCCEEDED(rv)) { |