Additional certificate error types

Bug #1574799 reported by Chris Coulson
This bug affects 1 person
Affects: Oxide
Status: Triaged
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

We should add support for the following additional flags in OxideQSecurityStatus::CertStatus:

- net::CERT_STATUS_NON_UNIQUE_NAME (The identity of the server can't be validated because it doesn't have a FQDN).
- net::CERT_STATUS_PINNED_KEY_MISSING (The certificate doesn't match the one expected).
- net::CERT_STATUS_VALIDITY_TOO_LONG (The certificate is valid for too long - 10 years for those issued before 1/7/1012, 5 years for those after and 39 months for those after 1/4/2015).

These currently map to OxideQSecurityStatus::CertStatusGenericError.

In addition to that, we should add support for the following related errors in OxideQCertificateError::Error:

- net::ERR_CERT_NON_UNIQUE_NAME
- net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
- net::ERR_CERT_VALIDITY_TOO_LONG

These currently map to OxideQCertificateError::ErrorGeneric.

I'm not sure how best to add these without affecting existing clients.

Changed in oxide:
importance: Undecided → Low
status: New → Triaged
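
The validity-period rule behind CERT_STATUS_VALIDITY_TOO_LONG, as an added example that is not code from Oxide or Chromium. It assumes the cut-off dates in the description are 1 July 2012 and 1 April 2015, that a certificate issued exactly on a cut-off falls under the newer limit, and that a partial month counts as a whole one; `Date`, `MonthsSpanned`, `MaxValidityMonths` and `HasTooLongValidity` are hypothetical names.

```cpp
#include <cstdio>
#include <tuple>

// Calendar date in UTC; a constructed helper type for this example.
struct Date { int y, m, d; };

static bool operator<(const Date& a, const Date& b) {
  return std::tie(a.y, a.m, a.d) < std::tie(b.y, b.m, b.d);
}

// Months between notBefore and notAfter; a partial month counts as a whole
// one (assumption), so 1 Jan -> 2 Jan of the next year is 13 months.
static int MonthsSpanned(const Date& start, const Date& end) {
  int months = (end.y - start.y) * 12 + (end.m - start.m);
  if (end.d > start.d) ++months;
  return months;
}

// Longest allowed validity, in months, for a given issuance date, using the
// thresholds from the bug description (10 years, 5 years, 39 months).
int MaxValidityMonths(const Date& not_before) {
  const Date cutoff_2012{2012, 7, 1};  // assumed reading of the first date
  const Date cutoff_2015{2015, 4, 1};
  if (not_before < cutoff_2012) return 120;
  if (not_before < cutoff_2015) return 60;
  return 39;
}

// True when the certificate should be flagged as valid for too long.
// An inverted validity window is rejected as well (fail closed).
bool HasTooLongValidity(const Date& not_before, const Date& not_after) {
  if (not_after < not_before) return true;
  return MonthsSpanned(not_before, not_after) > MaxValidityMonths(not_before);
}

int main() {
  // Constructed sample certificates: {notBefore, notAfter}.
  const Date samples[][2] = {
      {{2011, 1, 1}, {2021, 1, 1}},   // exactly 10 years, old regime
      {{2013, 6, 15}, {2018, 7, 1}},  // 61 months under the 60-month limit
      {{2015, 4, 1}, {2018, 7, 1}},   // exactly 39 months, newest regime
      {{2016, 1, 1}, {2020, 1, 1}},   // 48 months under the 39-month limit
  };
  for (const auto& s : samples) {
    std::printf("%04d-%02d-%02d .. %04d-%02d-%02d  too_long=%d\n", s[0].y,
                s[0].m, s[0].d, s[1].y, s[1].m, s[1].d,
                HasTooLongValidity(s[0], s[1]));
  }
  return 0;
}
```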