Adding a certificate exception for non-trusted HTTPS sites is difficult

Thanks for your report, can you give us a url where to test that? thanks.

http://thedanielfamily.org/

The above URL will contain a single link. If I click on it with Epiphany I go nowhere. If I use firefox it goes to the correct URL.

I am affected by this bug. (I can't give any URLs as they are for non-public resources.)

this happens for me too, on hardy.

even going directly to a site with invalid security information (by typing the https:// url into the address bar) doesn't work at all.

it's as if the hook from gecko into epiphany to show the "are you sure?" dialog is broken.

Confirming on Hardy, too. Yet another URL:
https://intranet.study.fce.vutbr.cz/ (expired certificate)

that seems to be a xulrunner-1.9 issue, opening a task there too

Confirming, seems to be an Ubuntu specific issue this isn't reproducible with trunk, thanks.

This might be related to the about:config bug Which doesn't do anything in epiphany with xr1.9
In both the ssl case and about:config case firefox-3.0 opens a "warning/info dialog embedded as a html page" (Best textual explanation i could figure out)

FWIW, this is blocking me from closing freedesktop.org bugs...

as a workaround you can grant permanent certificate exception in firefox and then copy the *.db files from firefox to epiphany profile.

Same problem here.

https works for officialy signed and valid ssl certificates.
https does not work for self-signed, expired

As soon as the certificate is not 100% OK, there should be a message about the problem, but you can only see a blank page.
The handling of SSL errors (i.e. self-signed certificates, expired, etc.) has changed in gecko 1.9 (firefox 3). Today you get a fancy html message in firefox instead of a dialog window.

Another site: https://bugs.freedesktop.org (self-signed certificate)

The certificates signed by cacert.org are not valid CA Authorities for gecko 1.9.

Firefox 3.0 show a fancy HTML with 2 buttons where you can add exceptions.
However, gecko 1.9 in Epyphany 2.22.0 doesn't show any buttons.

This is an usability issue, becasue there is no other ways to do it easily.

Damn it!

It a bit obfuscated the way to add an exception.

Menu: Tools/Manage Certificates

Tab: Servers

Button: Add Exception...

and Fill the form. This means, add the url manually and/or copy/paste it.

Giving so many steps, will end in user changing the browser to use.

There are so many FLOSS projects using this kind of certificates (cacert.org signed or self-signed), that looks a bit strange.

The pretty html is nice, except it doesn't actually help.

It says to add an exception in my "advanced encryption settings" - where are they? I have scrubbed every menu and there is nothing in there, there is no way my mum is going to be able to work this out. This should be a blocker.

The specific menu is "Tools" and the menu item is "Manage Certificates". You then press "Add Exception" and re-input the URL. (This information is by no means intended to substitute for better documentation and better handling, I agree that there should be both.)

It should by noted that the Tools -> Manage Certificates menu is not immediately available. You first have to enable the 'Certificates' extension. To do this you must have the epiphany-extensions package installed and then you enable it by navigating to Tools -> Extensions and then select the Certificates extension.

Thanks for the pointer Mary, and thanks Senor for pointing out how actually get a Tools menu, currently I don't have one. All that together constitues a workaround, but not a very good one.

Another url that doesn't work:

https://bugs.freedesktop.org/

We can no longer report bugs with epiphany about, for example, compiz.
This is with up-to-date (april 5) hardy

With the most recent xulrunner and epiphany this is made easier. Much like Firefox 3 you'll get a webpage that explains that you will need to explicitly set an exception for that site. It now presents you with a button that takes you to the Tools -> Manage Certificates / Servers / Add Exception window. The only thing it doesn't do is automatically fill in the Server Location field automatically.

> With the most recent xulrunner and epiphany this is made easier.

At the moment, with the following versions, Epiphany is much worse, not better:

epiphany-browser: 2.22.1.1-0ubuntu1
epiphany-gecko: 2.22.1.1-0ubuntu1
xulrunner-1.9: 1.9~b5+nobinonly-0ubuntu1
epiphany-extensions: 2.22.0-0ubuntu1
epiphany-browser-dbg: 2.22.1.1-0ubuntu1

If I visit https://bugtrack.alsa-project.org/alsa-bug/ epiphany crashes entirely. I'll report it separately and add the bug number here.

My complete inability to view any HTTPS site whatsoever (including valid certificates) without crashing Epiphany entirely has been filed as bug 214468.

Having worked around bug 214468, I've looked at the new version that Senor Hubris pointed out. From the description:

Problems with the current solution:
1. it requires installing epiphany-extensions, which many users need to add especially [NO LONGER TRUE]
2. it requires a lengthy sequence of steps [NO LONGER TRUE, although perhaps having to click on "Or you can add an exception…" and then "Add Exception" is still long]
3. it requires re-entering the URL [STILL TRUE]
4. the lengthy sequence of steps is not spelled out in the error dialog, which refers to 'advanced encryption settings', which does not appear in the menus [NO LONGER TRUE]

I'll update the description accordingly.

I have just had an issue with a broken SSL certificate that I needed to accept as a one-off and found Epiphany to be significantly inferior to Galeon in the way the browser interacts with the user. Can I propose that following the Galeon way of doing things would improve Epiphany -- i.e. put up a small dialog asking the user for permission to connect anyway even though the certificate is formally not acceptable, or not.

I am using Hardy and hence Epiphany version 2.22.2-0ubuntu0.8.04.2

This is not Epiphany's fault, it is XULRunner's (Mozilla's rendering engine).

Epiphany required to re-enter the URL when connecting to self signed https sites
This is quite anoying, as epiphany seems to use the same dialog and error message as firefox and firefox gets it right this must be somehow epiphany related. Please look into further, it is still happening in Intrepid Ibex Epiphany

Packages:
--- snip ---
ii epiphany-browser 2.23.91-0ubuntu1 Intuitive web browser - dummy package
ii epiphany-browser-data 2.23.91-0ubuntu1 Data files for the GNOME web browser
ii epiphany-extensions 2.23.91-0ubuntu1 Extensions for Epiphany web browser
ii epiphany-gecko 2.23.91-0ubuntu1 Intuitive GNOME web browser - Gecko version
--- snap ---

Bug still applies also to jaunty version 2.26.0-0ubuntu3 of epiphany.

IMHO there are only 2 ways out of this:
a) fix it in the deb package with a patch by the maintainer
b) close this bug as wontfix ( -> it's what upstream did because of the change to webkit in next release - hopefully)

Version 2.26.1-0ubuntu1 of epiphany-browser is affected too.
I confirm this bug. The behavior of "Add Certificate Exception" window is not the same as it is in Mozilla Firefox (it does fill the URL in text field automatically).

This bug is no longer relevant. Upstream has expired the Bug and is no longer working on the xul version of epiphany since a long while. Would someone please mark it as Wont Fix please?

Hi Michael, thank you for the update.

I'm reopening this based on incomplete information. I'm sorry, I can't test the oneiric version at the moment. But the claims in the upstream ticket of this being fixed in trunk and 2.22 are clearly wrong. Things have actually gotten worse with an even less helpful message in 2.30.2.

Whether or not upstream has dropped xul or not seems pretty irrelevant to me. There is still a package called "epiphany-browser" in ubuntu and if the latest version of that exhibits the described problem then it's not fixed. It would be very nice to hear from someone running oneiric what kind of message they get when trying to open https://grid-voms.desy.de:8443/voms/ilc/

The XUL version of Epiphany is no longer in the archives; since Lucid, there's just the webkit version.

The link you pasted gives me "Server required TLS certificate". This message comes from glib-networking and corresponds to G_TLS_ERROR_CERTIFICATE_REQUIRED which, according to http://developer.gnome.org/gio/2.28/gio-TLS-Overview.html, means: The TLS handshake failed because the server requested a client-side certificate, but none was provided.

What you are seeing looks to me as a different bug, but please correct me if I'm wrong.

Thank you, Andrea, for picking this up.

There may indeed be more than one type of secure connection error at play here. For me this bug is about epiphany not making it easy to deal with those connection errors. Try https://www.support.topnetworks.de/ It's my understanding that the root cause of the insecure connection is an error in the certificate, nothing too serious in this case. It was easy to find this out and add an exception in Firefox whereas it's still impossible or close to impossible to handle these type of errors in epiphany.

Hi Rolf and thank you for your feedback.

On Mon, 2011-07-25 at 18:51 +0000, Rolf Leggewie wrote:
> There may indeed be more than one type of secure connection error at
> play here. For me this bug is about epiphany not making it easy to deal
> with those connection errors. Try https://www.support.topnetworks.de/

For me, Firefox and Chromium and the only that warn me about the
problems with the certificate. Epiphany just displays a small broken
padlock with a red X in the address bar, but nothing prevents me from
browsing the website.

I've also done some tests locally using self-signed, expired and wrong
certificates and all produces the same result. After spending half an
hour trying to figure out why we are seeing different results, I finally
found the answer: I'm using epiphany from the GNOME 3 PPA, which has
version 3.0.4-1ubuntu1~natty1.

Oneiric ships version 3.0.4-1ubuntu1, so I bet the bug is now fixed in
the development version of Ubuntu (although I'll do some tests just to
be sure). So, with your consensus, I'm going to close this bug. Thank
you again for all your feedback.

Andrea, thank you for your work.