One small clarification, the return value of my nsIBadCertListener2 does affect whether the simple prompt dialog is shown or not. So presumably the listener should request that this prompt dialog not be shown so that the bad certificate can be handled in another way. I just need to know if an implementation of "another way" is already available for reuse by embedders, such as the page that firefox shows, or the dialog content that was shown pre-xulrunner-1.9.
Grant "Grant Gayed" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, I was pointed here from moz.dev.embedding, > > Our app uses xulrunner to embed gecko. Prior to 1.9 we could handle sites > with invalid certificates by simply providing a window (in response to an > nsIWindowCreator2 request) for xulrunner to fill in. The user could then > use this window to review and trust the certificate if they chose. Now in > xulrunners from trunk, this behavior has changed to just show a prompt > dialog with a short message ("...bad_cert_domain...") that does not allow > the user to proceed under any circumstance. > > I see in firefox trunk builds that the invalid certificate dialogs have been > replaced by error pages that have similar functionality to the previous > error dialogs, just with some more clicks required. Is there a way for an > embedder to show this error page as of xulrunner 1.9? Or is there some > other way to allow xulrunner to handle it without requiring the embedder to > re-implement this error dialog/page on their own? I've added an > nsIBadCertListener2, which is being invoked when a bad certificate is > encountered, but its return value does not seem to affect the default > behavior of just showing the simple prompt. > > Thanks, > Grant > > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
