GNOME Bugzilla – Bug 444844
No sane error message when downloading from invalid certificate SSL connection
Last modified: 2016-02-28 05:47:53 UTC
Please describe the problem: First reported on Launchpad : https://bugs.launchpad.net/ubuntu/+source/epiphany-browser/+bug/118974 by https://bugs.launchpad.net/~jelmer Epiphany lists a download as "failed" in the downloads window without any further indication why the download fails in the following situation: Downloading a file over a HTTPS connection, where the server does not have a certificate that is signed by a CA trusted by the user. Steps to reproduce: 1. Go to https://bioinformatics.chem.uu.nl/ and accept the certificate. 2. Right click on the Venncy link and select download Actual results: Download doesn't start and says "Failed" Expected results: User should be asked if he wants to download from an untrusted source, or a message should tell user that it won't download because of the certificate. It shouldn't just say "Failed" Does this happen every time? Yes Other information:
Yes, I can reproduce this.
By the way, the download works correctly when you simply click the link.
Exact, but it would be great if we also could right click.
Anyone have an updated test case for this? The above link doesn't seem to work.
(In reply to Jérôme Guelfucci from comment #0) > Expected results: > User should be asked if he wants to download from an untrusted source, or a > message should tell user that it won't download because of the certificate. > It shouldn't just say "Failed" We silently fail all subresource loads with unacceptable TLS certificates, and so do all major browsers except Safari. I think failing downloads is good as well. Unacceptable TLS certificates are, nowadays, unacceptable, the site is broken, no reason the user should be prompted to think about such things.