Hi, I was pointed here from moz.dev.embedding,
Our app uses xulrunner to embed gecko. Prior to 1.9 we could handle sites
with invalid certificates by simply providing a window (in response to an
nsIWindowCreator2 request) for xulrunner to fill in. The user could then
use this window to review and trust the certificate if they chose. Now in
xulrunners from trunk, this behavior has changed to just show a prompt
dialog with a short message ("...bad_cert_domain...") that does not allow
the user to proceed under any circumstance.
I see in firefox trunk builds that the invalid certificate dialogs have been
replaced by error pages that have similar functionality to the previous
error dialogs, just with some more clicks required. Is there a way for an
embedder to show this error page as of xulrunner 1.9? Or is there some
other way to allow xulrunner to handle it without requiring the embedder to
re-implement this error dialog/page on their own? I've added an
nsIBadCertListener2, which is being invoked when a bad certificate is
encountered, but its return value does not seem to affect the default
behavior of just showing the simple prompt.
Thanks,
Grant
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
