GNOME Bugzilla – Bug 703168
Certificate prompt lacks context
Last modified: 2019-11-12 16:52:24 UTC
I logged into a GNOME session and was presented with what's shown in the attached screenshot.

The first thing I get, right in the centre of my screen when I log in, is a warning about a certificate. What certificate? What was it being used for? Was the system *trying* to talk to www.btopenzone.com, or is this a MITM attack?

You are asking me if I should accept this cert for this particular purpose, or not. Which is a hard one to answer if you don't actually *tell* me what purpose you'd be using it *for*.

There's a hint hidden right up in the top left-hand corner of the screen, where it says 'evolution-user-prompter'. But that's nowhere near good enough. I'm looking for the text in the dialog box to start with something along the lines of...

  When attempting to contact 'www.google.com' to fetch calendar data, the following certificate was presented by the server to assert its identity:

(I'm guessing; I have no idea which server it was really trying to talk to.)
No attachment added, but anyway, this is bug #694322.

(In reply to comment #0)
> You are asking me if I should accept this cert for this particular purpose, or
> not. Which is a hard one to answer if you don't actually *tell* me what purpose
> you'd be using it *for*.

I understand it's hard to answer, but I do not agree completely with the "purpose" part. Basically, if I'm trying to access the server through some ManInTheMiddle, then it doesn't matter why, the thing which matters is that the connection itself looks suspicious, regardless of what I'm going to do after I "successfully" log in.

*** This bug has been marked as a duplicate of bug 694322 ***
(In reply to comment #1)
> Basically, if I'm trying to access the server through some
> ManInTheMiddle, then it doesn't matter why, the thing which matters is that the
> connection itself looks suspicious,

You say 'the server'. My point was that I have no idea *which* server you were trying to talk to. So I have no idea if the connection looks suspicious.
FWIW I'm not sure this *is* a duplicate. But 694322 was complaining about the fact that this dialog occurs at all (Hell, NM shouldn't be telling us we're online until we are actually online. We shouldn't have our connections getting stolen by the captive portal.) This bug was specifically for the fact that the message *within* the dialog box is unhelpful, on the occasions that it *does* happen.
If I open the bug #694322 comment #1 attachment, then the first line, the bold text (intentionally bold) in it shows the host name and then the account name as you have it configured in evolution. I expect that these two pieces of information, especially the first one with the host name the backend tried to connect to, give enough of a clue as to what server it is communicating with.
Mine didn't have that. http://david.woodhou.se/wtf-is-this-cert.png
Created attachment 249770
screen shot

(Just for the record.) Oh, how could that happen?
Reopening for proof of breakage (screenshot).
My system clock was wrong. Evo objected to the fact that the certificate wasn't yet valid, before it spotted the fact that it was for a host *other* than the host it was actually trying to reach.
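The two complaints in this thread (the prompt never names the host it was contacting, and a not-yet-valid error hid the host mismatch) can be illustrated with an added example that is not Evolution's code. It collects every identity and validity-window failure instead of stopping at the first, and leads the prompt with the requested host and purpose; the function names, the dict layout, the account name and the dates are hypothetical, and chain/CA checks are out of scope.

```python
from datetime import datetime, timezone

def host_matches(host, san):
    """Match host against one DNS name; '*' covers exactly the left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san

def cert_problems(cert, requested_host, now):
    """Return every reason the certificate fails, not just the first one found."""
    problems = []
    if not any(host_matches(requested_host, n) for n in cert["dns_names"]):
        problems.append("it was issued for %s, not for '%s'"
                        % (", ".join(cert["dns_names"]), requested_host))
    if now < cert["not_before"]:
        problems.append("it is not valid until %s (system clock reads %s)"
                        % (cert["not_before"].date(), now.date()))
    if now > cert["not_after"]:
        problems.append("it expired on %s" % cert["not_after"].date())
    return problems

def build_prompt(account, purpose, requested_host, cert, now):
    """Prompt text naming host and purpose first, then listing all problems."""
    problems = cert_problems(cert, requested_host, now)
    if not problems:
        return None  # nothing to ask the user about
    lines = ["When attempting to contact '%s' to %s for account '%s', the server "
             "presented a certificate that cannot be trusted because:"
             % (requested_host, purpose, account)]
    lines += ["  - " + p for p in problems]
    return "\n".join(lines)

# Constructed sample: host names come from the report, dates are made up.
SAMPLE_CERT = {
    "dns_names": ["www.btopenzone.com"],
    "not_before": datetime(2013, 6, 1, tzinfo=timezone.utc),
    "not_after": datetime(2014, 6, 1, tzinfo=timezone.utc),
}
WRONG_CLOCK = datetime(2013, 1, 1, tzinfo=timezone.utc)  # clock set too early

if __name__ == "__main__":
    print(build_prompt("Work calendar", "fetch calendar data",
                       "www.google.com", SAMPLE_CERT, WRONG_CLOCK))
```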
Hmm, the screenshot (comment #6) doesn't make sense to me, because the code clearly adds at least: "Detailed information about the certificate:", but this is not part of your image. There is some whitespace gap at the top, possibly the two \n\n, thus maybe this is a translation issue? https://git.gnome.org/browse/evolution-data-server/tree/modules/trust-prompt/trust-prompt-gtk.c?h=gnome-3-8#n198
David, do you still see this with 3.12.x (3.12.11 is the latest stable currently)? The upcoming 3.16.0 has the dialog done differently, as stated in the above-mentioned bug #694322. The text issue looks to me like a translation problem, or something odd in gtk, but the latter is less likely, from my point of view.
Closing this bug report as no further information has been provided. Please feel free to reopen this bug report if you can provide the information that was asked for in a previous comment. Thanks!