Question: browser.ssl_override_behavior clarification

[Thorin-Oakenpants]

One of the items from the mini diff (as opposed to the monster diff) was browser.ssl_override_behavior . I do not quite understand this or the exact consequences. Values are:

0: do neither
1: pre-populate url
2: pre-populate url + pre-fetch cert (default)
https://dxr.mozilla.org/mozilla-central/source/browser/base/content/browser.js#3048

What does pre-populate mean exactly? Can someone tell me EIL5 exactly what happens with each one, because I'm struggling to work out three things for each setting

• is the webpage displayed
• is the warning not shown
• what it happening to the certificate - is it being ignored, re-checked - what is "pre-fetch" - fetch from where?

In almost all google search results, I am seeing people recommend a value of 1 to bypass warnings. What is the rational behind this user.js using 1 - is it for testing purposes?

[pyllyukko]

0

1

[Thorin-Oakenpants]

Thanks. Bear with me.

I understand pre-populate.url now (I assume this is the location field only, which in term enables the rest of the display of text and checkbox and button?) So prefetch-cert is what exactly then? Where's a pic of a setting at 2? And I am still confused - so this setting controls the "Add Security Setting" dialog contentgs, not the SSL error warnings? See this (its a very short read) and read step 5: "(setting at 1) Firefox no longer blocks access to sites or displays warnings because of invalid SSL certificates" - so what is the image labeled 1 doing exisitng (or did you just go to Options>Advanced>Certs etc and flick up the dialog box to take pics for me?)

So 0 means users can't add an exception (but they could type it in and carry on?), 1 means it's pre-popilated (for what, convenience?) and is in what way better than 2 (which I still don't know what difference pre-fetch cert means).

[pyllyukko]

(I assume this is the location field only, which in term enables the rest of the display of text and checkbox and button?)

Yes.

so this setting controls the "Add Security Setting" dialog contentgs, not the SSL error warnings?

Yes.

See this (its a very short read) and read step 5: "(setting at 1) Firefox no longer blocks access to sites or displays warnings because of invalid SSL certificates"

I think that is completely false. It doesn't disable the warnings on invalid certs.

So 0 means users can't add an exception (but they could type it in and carry on?)

Yes it's still possible, just requires more manual work (typing the addr, etc.)

1 means it's pre-popilated (for what, convenience?)

Convenience I guess.

and is in what way better than 2 (which I still don't know what difference pre-fetch cert means).

Skipping one extra connection if the user decides to move away from the page... But!

There doesn't seem to be much difference between 1 & 2. If I recall correctly, there used to... the option 1 (if I remember correctly) meant that the user had to press the "Get certificate" button before the other buttons would activate.

[Thorin-Oakenpants]

Man .. its like that stupid old advice about disabling IPv6 and other myths - bad/wrong advice just perpetuates around the internet and never dies. EVERY single reference to this setting all said the wrong thing. No wonder I was confused, I was trying to work out how another variable behaved (warnings).

Thanks ever so much.