webbrowser only partially loads some https sites

Forget about self-signed sites: It also happens on https://www.amazon.com and https://www.amazon.de:
First, webbrowser-app displays a warning that the site's certificate is invalid (without any reason). If I then choose "continue anyway", the amazon site is only incompletely displayed.

The amazon web-app (preinstalled on Ubuntu phone) is dysfunctional for the same reason.

Modified bug description.

I’m not seeing the issue with https://www.amazon.[com|de], they load fine on both my E4.5 and my MX4.

I am seeing the problem with your router’s web interface. Relevant bits of the logs:

[0116/080753:ERROR:cert_verify_proc_nss.cc(942)] CERT_PKIXVerifyCert for rkupper.no-ip.org failed err=-8172
qml: [JS] (https://rkupper.no-ip.org/:123) Uncaught ReferenceError: html is not defined

The first line shows up when the self-signed certificate warning page is shown.
The second line shows up when choosing to continue anyway. It looks like some javascript is trying to do some incorrect processing and the page fails to render altogether.

On desktop I see either that same error or a different one in the logs, but it also results in the page failing to render:

qml: [JS] (https://rkupper.no-ip.org/:123) Uncaught TypeError: Cannot read property 'blueBarHead' of undefined

The relevant part of the source of the page which fails to render is:

<html>
[…]
<body>
[…]
<script type="text/javascript">
[…]
function localInit() {
"use strict";
window.history.replaceState({}, '', '/');
html.blueBarHead({
"type": "login",
title: data.bluBarTitle,
parent: document.body
});
login.init(data);
}
localInit();
</script>
</body>
</html>

The 'html' variable is being defined in a script that’s loaded earlier, https://rkupper.no-ip.org/js/html.js. It looks like that script might not have been loaded yet at that point? I wonder if that's related with the certificate error at all? Adding an oxide task for further investigation.

About:

> Try loading https://www.amazon.com. Observe that webbrowser-app
> displays warning about invalid certificate, without any apparent
> reason.

I can now reproduce the issue, even after closing the browser and opening again (and even after completely deleting the browser profile and cache). This started happening after visiting https://rkupper.no-ip.org/, it wasn’t happening before.

So there are two issues here, possibly related:

 - content not loading completely (or not in the expected order) when bypassing certificate warning on https://rkupper.no-ip.org/

 - after visiting that site, visiting https://www.amazon.com/ always displays an invalid certificate warning (unknown reason), even after purging browser cache, config and local storage, and even across reboots

Status changed to 'Confirmed' because the bug affects multiple users.

It's basically hitting the same issue as https://bugs.chromium.org/p/chromium/issues/detail?id=664177 because the build was 10 weeks old from yesterday (actually, it's not quite, but the build date recorded in the build is the first Sunday of the month, which is 6th November for the version of Oxide in OTA-14).

So all that’s needed is an oxide update. I’m preparing a silo with 1.19.7, targetting OTA-15.

Olivier and Chris, thanks for tracking this down so quickly! I understand it will be some weeks before the release of OTA-15. Is there something I can do to make things work for me in the meantime?

@Rüdiger: until OTA-15 is released, your best bet would be to switch your device to the rc-proposed channel, which has a more recent version of oxide.

Confirming identical symptoms (symantec sites) to the ones mentioned in chromium issue linked above. Please consider removing misleading "self-signed" -part from bug title.

Good point Tuomas, and thanks Rüdiger for updating the title. You might want to file a separate bug report for your router’s web interface content not loading completely, as it appears to not work with oxide 1.19.7 either.

Hi, i get ssl error on amazon.de and this error on google+:
https://plus.google.com/communities/118436859239534473331

"Dein Browser wird von Google+ nicht unterstützt. Entweder ist deine Browserversion veraltet oder du verwendest einen nicht unterstützten Browsertyp."

All updates are installed on Aquaris 4.5 and Nexus7.

@Pad: I read ubuntu touch is temporary dead and ther won't be OTA 15:
https://lists.launchpad.net/ubuntu-phone/msg23187.html and here:
http://ubuntufun.de/2017/01/canonical-bestaetigt-die-roadmap-des-ubuntu-phone-projekt/

I hope its not true because i hope we get in OTA 15 a timer for fligtmode to protect people before microwave at night when the von is used as timer. Microwave is under suspicion to generate cancer. And i hope there comes a cisco-vpn client for german fritz!box vpn-connections.

So i pray for OTA 15.

@bluexxx: the google+ error is a different bug: https://launchpad.net/bugs/1656310.

The message on the ML might have been misleading: we are working on an OTA-15, but it won’t contain new features, only a very limited number of critical bug fixes.

when going on some websites like posteo.de, i don't get even "continue anyway", just "certificat of this website is not approuved".

Is this also the reason why ebay doesn't work on M10? (also in a web browser after You click a search button)

https://bugs.launchpad.net/webapps-sprint/+bug/1575780

No, that one is a different issue, better tracked in its separate bug report.

"Versions of Chrome 53 that are more than 10 weeks old
now display this error message for all
websites using Symantec certificates
that were issued on or after June 1, 2016
(including from Symantec-owned brands
like Thawte and GeoTrust)."
All symantec certificates(aliexpress.com, lego.com).

Hello, I also encounter this problem from the Meizu Pro5 and on many sites, only a few days ago. I'm in OTA 14.
The site certificate is not approved. The security certificate of this site is not trustworthy. The server presented a security certificate that did not pass our trusted tests for an unknown reason.

Here is the certificate of one of the denied sites.

Filed another bug report for web browser not loading self-signed sites, as this problem persists with OTA-15: Bug #1662559

Semi-worksforme @ OTA-15, as in symptoms disappeared for now.
But we shall see whether actual bug(s) were addressed as well after
after 10 weeks assuming no OTA-16 before that.