Display a warning in the security panel if the certificate is expiring in the next 24/48/72 hours |
|||||||||
Issue descriptionAs we discussed, it would be nice to give a warning if the cert is about to expire shortly. This hopefully won't be too out of place, since we already do similar things like warn about upcoming deprecations in the security panel.
,
Feb 10 2017
,
Mar 24 2017
,
Nov 10 2017
,
Dec 11 2017
This is outside of the DevTools component, one can use console API in Blink or content to report it.
,
Dec 12 2017
meacer@, could you help re-triage this issue since you're the original reporter? Thanks!
,
Dec 20 2017
I think two reasonable places to put this would be 1) DocumentLoader::DidCommitNavigation in blink (where the Legacy Symantec Cert console warning is) 2) c/b/ssl/SecurityStateTabHelper::DidFinishNavigation I made a quick CL for (2) at https://crrev.com/c/837029 but haven't written any tests for it yet. I quickly found a soon-to-expire cert [1] via Censys [2], and checked that the console warning displays as desired. No worries if we decide to not add this now, but I do think it would be a useful reminder to reduce unintentionally expired certificates. [1] https://www.marekashley.com [2] https://censys.io/certificates?q=parsed.validity.end%3A+2017-12-21
,
Dec 20 2017
(Specifically, this takes the very simple route of generating a console warning message rather than adding a bullet to the security panel.)
,
Dec 20 2017
,
Dec 22 2017
Do we have any strong opinions about how far-out the warning should happen? 48 hours seems like a good base to go with if not. After discussing with estark@ I changed the CL to display in the Security Panel instead. Since it's no longer potentially clogging the console output, would warning sooner be better?
,
Dec 22 2017
Thanks for taking this Chris. I'd love to have a week of notice in advance, but perhaps that won't be effective as it's too far in the future. So 48 hours SGTM as a starting point.
,
Jan 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/96fba2ff8246938a93a8da7e69b25103f3381762 commit 96fba2ff8246938a93a8da7e69b25103f3381762 Author: Christopher Thompson <cthomp@chromium.org> Date: Tue Jan 09 17:13:15 2018 Add security panel bullet for expiring SSL certs This adds a Security Panel info bullet for sites that have an SSL certificate which is expiring in soon (<48 hours from now). This may help some developers notice expiring certificates that they had otherwise forgotten about. Bug: 690711 Change-Id: I7af4e2bd70bbadf73c93c4bb1e379df260d26414 Reviewed-on: https://chromium-review.googlesource.com/837029 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Commit-Queue: Christopher Thompson <cthomp@chromium.org> Cr-Commit-Position: refs/heads/master@{#528023} [modify] https://crrev.com/96fba2ff8246938a93a8da7e69b25103f3381762/components/security_state/content/DEPS [modify] https://crrev.com/96fba2ff8246938a93a8da7e69b25103f3381762/components/security_state/content/content_utils.cc [modify] https://crrev.com/96fba2ff8246938a93a8da7e69b25103f3381762/components/security_state/content/content_utils_unittest.cc [modify] https://crrev.com/96fba2ff8246938a93a8da7e69b25103f3381762/components/security_state_strings.grdp
,
Jan 16 2018
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by mea...@chromium.org
, Feb 9 2017