| Summary: | No UI for accepting/rejecting SSL certificates for ucb curl backend | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | Andras Timar <timar74> |
| Component: | LibreOffice | Assignee: | Not Assigned <libreoffice-bugs> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | enhancement | CC: | giuseppe.castagno, michael.stahl, stephane.guillou |
| Priority: | medium | ||
| Version: | 7.3 all versions | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Crash report or crash signature: | Regression By: | ||
| Bug Depends on: | |||
| Bug Blocks: | 34694, 104742 | ||
| Attachments: |
Old dialog, pre-LibreOffice 7.3
New behaviour in current LibreOffice |
||
Created attachment 194334 [details]
New behaviour in current LibreOffice
Makes sense to me. Michael and Giuseppe, what do you think? this is intentionally not provided; browsers stopped showing such dialogs years ago because they just condition users to click OK and compromise their security; it's terrible UX. if you want to access your server with a self-signed certificate, add the certificate to the operating system's certificate store, this should work with TDF builds on all 3 platforms. OK, I accept the explanation, thanks. As a follow-up task, the UI could be removed from the code (sslwarndialog.ui and the code that uses it). removal may happen in next weeks, our customer has complained about "TLS errors such as failed certificate checks are handled differently in LibreOffice" ... they claim the dialog is still shown by CMIS UCP... how did i change the resolution, i swear i didn't click anything |
Created attachment 194333 [details] Old dialog, pre-LibreOffice 7.3 If there is an image in a document linked from a https:// site, or if we wish to insert an image to a document from a https:// site and the SSL certificate of this site does not pass the verification step in ucb's curl backend, then we get a non-helpful error message, like "Could not establish internet connection". In older versions of LibreOffice, where the default ucb backend was neon, the interaction handler kicked in, and we could view the certificate, and accept or reject it (and this choice was remembered). The enhancement request is to implement the interaction handler for curl, like it was done for neon.