
Commit d6700d7

committed
Attempt to warn the user when the Observatory reports questionable certificates
1 parent df539e5 commit d6700d7


4 files changed

+64
-2
lines changed

Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
3+
<!DOCTYPE window SYSTEM "chrome://https-everywhere/locale/ssl-observatory.dtd">
4+
<window id="ssl-observatory-dialog"
5+
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
6+
xmlns:html="http://www.w3.org/1999/xhtml"
7+
title="&ssl-observatory.warning.title;"
8+
align="center"
9+
onload="document.getElementById('ask-me-later').focus()"
10+
>
11+
<script type="application/x-javascript" src="observatory-preferences.js" />
12+
<image src="chrome://https-everywhere/skin/ssl-observatory-messy.jpg" />
13+
<label style="padding:25px;">EFF's SSL Observatory has issued a warning about the HTTPS certificiate(s) for this site</label>
14+
<separator class="thin"/>
15+
<label style="padding:25px;" id="warning-text"></label>
16+
17+
<commandgroup>
18+
<command id="showcert" oncommand="window.close()" />
19+
<command id="okay" oncommand='window.close()'
20+
/>
21+
</commandgroup>
22+
23+
<separator class="thin"/>
24+
<hbox>
25+
<spacer flex="2" />
26+
<button label="&ssl-observatory.warning.showcert;" accesskey="s"
27+
command='showcert'/>
28+
<spacer flex="1" />
29+
<button label="&ssl-observatory.warning.okay;" accesskey="o"
30+
command='okay'/>
31+
<spacer flex="2" />
32+
</hbox>
33+
34+
<!--
35+
<hbox style="padding-top:10px;">
36+
<label class="text-link" href="https://www.eff.org/" tabindex="3" value="&ssl-observatory.popup.details;" />
37+
<spacer flex="1" />
38+
<button label="&ssl-observatory.popup.later;" id="ask-me-later" tabindex="0" style="font-size:0.8em;" accesskey="l"
39+
oncommand="doCancel()"/>-
40+
</hbox>-->
41+
</window>
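Review bot: The `onload` handler on `<window>` calls `document.getElementById('ask-me-later').focus()`, but the only element with that id sits inside the commented-out `<hbox>` at the bottom of the file, so the lookup returns null and the handler throws each time the dialog opens. Giving the "I understand" button an id and focusing that, or dropping the `onload` attribute, would fix it. The `showcert` command is wired to `window.close()` exactly like `okay`, so the "Show the certificates" button as written does not show anything; a comment marking it as a stub would keep users and maintainers from assuming otherwise. The headline label is hard-coded English (with the typo "certificiate(s)") while the title and buttons use DTD entities, so it will not be localized.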

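--- a/src/chrome/locale/en/ssl-observatory.dtd
+++ b/src/chrome/locale/en/ssl-observatory.dtd
@@ -91,4 +91,8 @@ for names that it cannot resolve through the DNS system.">
 <!ENTITY ssl-observatory.prefs.title "SSL Observatory Preferences">
 
 <!ENTITY ssl-observatory.prefs.use "Use the Observatory?">
+<!ENTITY ssl-observatory.warning.title "WARNING from EFF's SSL Observatory">
+<!ENTITY ssl-observatory.warning.showcert "Show the certificates">
+<!ENTITY ssl-observatory.warning.okay "I understand">
+
 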

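--- a/src/components/https-everywhere.js
+++ b/src/components/https-everywhere.js
@@ -568,7 +568,7 @@ HTTPSEverywhere.prototype = {
 function chrome_opener(uri) {
 // we don't use window.open, because we need to work around TorButton's
 // state control
-CC['@mozilla.org/appshell/window-mediator;1']
+return CC['@mozilla.org/appshell/window-mediator;1']
 .getService(CI.nsIWindowMediator)
 .getMostRecentWindow('navigator:browser')
 .open(uri,'', 'chrome,centerscreen' );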
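Review bot: `chrome_opener` now hands its result to callers, but `getMostRecentWindow('navigator:browser')` can return null when no browser window exists, in which case `.open(...)` throws before anything is returned. For the certificate warning dialog added in this commit, that means the warning is dropped rather than shown. A null check on the mediator result before calling `.open`, plus a comment such as `// Returns the opened chrome window (or null if no browser window is available)`, would make the new contract explicit. The function's closing brace is outside the hunk.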

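--- a/src/components/ssl-observatory.js
+++ b/src/components/ssl-observatory.js
@@ -384,13 +384,21 @@ SSLObservatory.prototype = {
 var that = this; // We have neither SSLObservatory nor this in scope in the lambda
 req.onreadystatechange = function(evt) {
 if (req.readyState == 4) {
-// XXX: Handle errors properly?
 if (req.status == 200) {
 that.log(INFO, "Successful cert submission");
 if (!that.prefs.getBoolPref("extensions.https_everywhere._observatory.cache_submitted")) {
 if (fps[0] in that.already_submitted)
 delete that.already_submitted[fps[0]];
 }
+} else if (req.status == 403) {
+that.log(WARN, "The SSL Observatory has issued a warning about this certificate for " + domain);
+try {
+var warningObj = JSON.parse(req.responseText);
+this.warnUser(warningObj);
+} catch(e) {
+that.log(WARN, "Failed to process SSL Observatory cert warnings :( " + e);
+that.log(WARN, req.responseText);
+}
 } else {
 if (fps[0] in that.already_submitted)
 delete that.already_submitted[fps[0]];
@@ -408,6 +416,15 @@ SSLObservatory.prototype = {
 req.send(params);
 },
 
+warnUser: function(warningObj) {
+var label = "";
+for (var hash in warningObj)
+label += warningObj[hash].long_desc;
+var wtext = chrome_opener("chrome://https-everywhere/content/observatory-warning.xul")
+.document.getElementById("warning-text");
+wtext.setAttribute("value", label);
+},
+
 getProxySettings: function() {
 var proxy_settings = ["direct", "", 0];
 if (this.torbutton_installed && this.myGetBoolPref("use_tor_proxy")) {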
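Review bot: In the new 403 branch of the `onreadystatechange` handler, `this.warnUser(warningObj)` uses the callback's own `this`, which the context line `var that = this; // We have neither SSLObservatory nor this in scope in the lambda` says is not the SSLObservatory. The call would throw, land in the surrounding `catch`, and the certificate warning would only be logged, never shown; it should read `that.warnUser(warningObj);`. In `warnUser`, `.document.getElementById("warning-text")` is evaluated immediately after the window is opened, when the XUL document has probably not loaded yet, so the lookup likely returns null. Setting the label from a `load` listener on the returned window, or passing the text as a window argument, would avoid that race. `chrome_opener` appears on this page only as a definition in https-everywhere.js, so confirm it is in scope in this file; the handler and `SSLObservatory.prototype` continue outside both hunks.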
