[UIFe] Provide a dialog so that a user can accept SSL certificates

Bug #933729 reported by Manuel de la Peña on 2012-02-16
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu Single Sign On Client
Status tracked in Trunk
Stable-3-0
Undecided
Unassigned
Trunk
Medium
Manuel de la Peña
ubuntu-sso-client (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

With the addition of proxy support a new dialog is required. If a user connect to a proxy that uses a SSL certificate that has one of following issues:

* The proxy is using a self-signed certificate
* The proxy is using a free SSL Certificate
* The proxy is using a trusted SSL certificate but it is missing a chain/intermediate certificate.
* The certificate does no match
* etc..

A dialog should be prompted to the user stating there is a security issue. This is fundamental since if the proxy is not trusted the application should not use it.

Emails sent to Docs and Translators lists:

https://lists.ubuntu.com/archives/ubuntu-doc/2012-February/016352.html
https://lists.ubuntu.com/archives/ubuntu-translators/2012-February/005161.html

Related branches

Changed in ubuntu-sso-client:
status: New → In Progress
assignee: nobody → Manuel de la Peña (mandel)
importance: Undecided → Medium
summary: - Provide a dialog so that a user can accept SSL certificates
+ [UIFe] Provide a dialog so that a user can accept SSL certificates
description: updated
tags: added: u1-proxy-uife
tags: added: u1-fe
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-sso-client (Ubuntu):
status: New → Confirmed
Martin Pitt (pitti) wrote :

Approved to show a dialog. However, please differ between self-signed/low trust certificates and mismatches. In the former case, a mild warning dialog is sufficient, but if SSL certificate validation fails because of a mismatch (e. g. server name changed) you should outright abort the operation and show an error; that's the very situation SSL is supposed to protect from, so asking the user to "do it anyway?" sounds dangerous. Unless I misunderstood what you meant with "mismatch"?

Manuel de la Peña (mandel) wrote :

Martin,

This bug is just related to the required dialog that will be shown to the user. It does not include the logic that is used to ensure that the correct thing is done. I have done in such a way because I believe that having bugs with a single concern is the way to go. That is missing UI, later logic to show the ui and behave accordingly.

Leaving the scope of the bug aside, the situation in which such a certificate mismatch might occur is very limited since we are dealing with the proxy settings and not a general web page. Lets assume that the certificate is wrong, what could have happened:

* User used the IP of the proxy rather than the domain used in the certificate.
* The company forces the user to use the proxy with a bad set up certificate (I have work in a number of companies than do such a thing)

If we let the user accept the certificate this will be a pinned certificate, that is, the user explicitly decided to accept the certificate. Preventing the user from doing stupid things is a lovely goal, but preventing them getting their software from working because someone in their corporation screwed up (bad certificate) is not. I have been talking with upstream (Gnome) recently of giving a hand with http://developer.gnome.org/gcr/unstable/gcr-Trust-Storage-and-Lookups.html so that it can be used in Ubuntu One and more widely used in the desktop which, I believe, the way to go.

Changed in ubuntu-sso-client:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-sso-client - 2.99.90-0ubuntu1

---------------
ubuntu-sso-client (2.99.90-0ubuntu1) precise; urgency=low

  * New upstream release:
    [ Diego Sarmentero <email address hidden> ]
      - Hide the errors label on refresh captcha (LP: #947202).
      - Changed the name of the function assigned to the lambda that is called
        on passwordChanged signal from reset_password_page (LP: #945080).
      - Made on_user_validated also emit stopProcessing so callers can hide
        any processing overlay they are showing (LP: #945094).
      - Fixed: Qt UI: there is not loading overvaly while validating an
        email address (LP: #944767).
      - Fixed: Qt UI: clicking on the "Set Up Account" button takes me
        instantly to the verification page, even if there are form errors
        (LP: #934502).
      - Fix: [UIFe] Improve the display of errors in the Qt UI (LP: #938604).
      - Fixed: The header in the pages is above the overlay (LP: #934523).
      - Fixed: [UIFE] The padding of the wizard pages in the Qt UI is not
        correct (LP: #934519).
    [ Manuel de la Pena <email address hidden> ]
      - Ensure that the strings used in sso do not have "ubuntu one" in them
        (LP: #933729).
      - Ensure that the strings used are the ones provided by design
        (LP: #937905).
      - Added the dialog that will be used to show that a certificate has issues
        (LP: #933729).
    [ Natalia B. Bidart <email address hidden> ]
      - Add proper titles and subtitles for the Login and Forgot password
        pages (LP: #945061).
      - Made UI modules to setup the gui logging logger (LP: #947469).
      - Fallback to the GTK+ UI when the specified ui_executable does
        not exist (LP: #939821).
      - Move the 'choose sign in page' to client code (U1 control panel
        in this case) (LP: #933576).
      - Do not mask ImportError by importing inside a function (LP: #939173).
      - No more strings coming up from the Designer ui files (LP: #938626).
    [ Roberto Alsina <email address hidden> ]
      - Made the network detection code return ONLINE if NM is not available
        (but still UNKNOWN if it's available and fails) (LP: #939703).
  * debian/control:
    - Updated Standards-Version to 3.9.93.
  * debian/watch:
    - Updated to fetch latest milestone.
  * Removed patches which were included upstream.
 -- Natalia Bidart (nessita) <email address hidden> Tue, 06 Mar 2012 15:57:56 -0300

Changed in ubuntu-sso-client (Ubuntu Precise):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers