Bug 161262 - No UI for accepting/rejecting SSL certificates for ucb curl backend
Summary: No UI for accepting/rejecting SSL certificates for ucb curl backend
Status: RESOLVED WONTFIX
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
7.3 all versions
Hardware: All All
: medium enhancement
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: Error-Messages Network
  Show dependency treegraph
 
Reported: 2024-05-24 14:21 UTC by Andras Timar
Modified: 2024-06-12 08:22 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments
Old dialog, pre-LibreOffice 7.3 (105.36 KB, image/png)
2024-05-24 14:21 UTC, Andras Timar
Details
New behaviour in current LibreOffice (78.18 KB, image/png)
2024-05-24 14:22 UTC, Andras Timar
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andras Timar 2024-05-24 14:21:39 UTC
Created attachment 194333 [details]
Old dialog, pre-LibreOffice 7.3

If there is an image in a document linked from a https:// site, or if we wish to insert an image to a document from a https:// site and the SSL certificate of this site does not pass the verification step in ucb's curl backend, then we get a non-helpful error message, like "Could not establish internet connection". 

In older versions of LibreOffice, where the default ucb backend was neon, the interaction handler kicked in, and we could view the certificate, and accept or reject it (and this choice was remembered). 

The enhancement request is to implement the interaction handler for curl, like it was done for neon.
Comment 1 Andras Timar 2024-05-24 14:22:16 UTC
Created attachment 194334 [details]
New behaviour in current LibreOffice
Comment 2 Stéphane Guillou (stragu) 2024-06-11 13:43:05 UTC
Makes sense to me.
Michael and Giuseppe, what do you think?
Comment 3 Michael Stahl (allotropia) 2024-06-11 13:52:50 UTC
this is intentionally not provided; browsers stopped showing such dialogs years ago because they just condition users to click OK and compromise their security; it's terrible UX.

if you want to access your server with a self-signed certificate, add the certificate to the operating system's certificate store, this should work with TDF builds on all 3 platforms.
Comment 4 Andras Timar 2024-06-11 21:37:55 UTC
OK, I accept the explanation, thanks. As a follow-up task, the UI could be removed from the code (sslwarndialog.ui and the code that uses it).
Comment 5 Michael Stahl (allotropia) 2024-06-12 08:20:18 UTC
removal may happen in next weeks, our customer has complained about "TLS errors such as failed certificate checks are handled differently in LibreOffice" ... they claim the dialog is still shown by CMIS UCP...
Comment 6 Michael Stahl (allotropia) 2024-06-12 08:22:02 UTC
how did i change the resolution, i swear i didn't click anything