The SSL Observatory client should listen for and submit invalid certs

There's an API for doing so here:

https://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsIBadCertListener2.idl

added component::https everywhere/eff-https everywhere owner::pde priority::medium severity::normal status::needs-review type::enhancement labels

I should mention we're trying to deprecate nsIBadCertListener2 - you should be able to do what it does by opening a connection and receiving events on its channel I've done a similar thing in test_ocsp_stapling.js in https://bugzilla.mozilla.org/page.cgi?id=splinter.html&bug=700693&attachment=747679 keeler: by "opening a connection" to you mean making a ghost https request for every https domain the browser connects to? s/to/do ? oh, no - that would be a bit of a bummer. I just meant for an individual request I guess nsIBadCertListener2 is the only way to do it wholesale keeler: is there a bug we can watch for the future of nsIBadCertListener2? pde: hmmm - maybe I was wrong about that. We removed some unnecessary implementations of it in bug 750421, but I don't think there's a bug on removing the interface entirely yet Bug https://bugzilla.mozilla.org/show_bug.cgi?id=750421 enh, --, mozilla22, bsmith, RESO FIXED, Remove unnecessary nsIBadCertListener2 and nsISSLErrorListener implementations keeler pde: which interface? nsIBadCertListener2 keeler pde: it is possible to get the effect of nsIBadCertListener2 using other callbacks. bsmith: for all connections? keeler: I think you can use nsIWebProgressListener and similar, in all contexts that oyu can use nsIBadCertListener2 oh yeah

A draft implementation is in this branch. Dan, when you get a chance do you want to see if this looks ok and decide what you'd like to do to flag invalidity in these submissions?

Trac:
Status: new to needs_review

Set all open tickets without a severity to "Normal"

Trac:
Severity: N/A to Normal

moved to tpo/applications/https-everywhere-eff#8957 (closed)