author | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-16 01:28:00 +0000 |
---|---|---|
committer | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-16 01:28:00 +0000 |
commit | 20b4be8a69b6bd89ae99b38e0c884577f60f6583 (patch) | |
tree | 30415442361ca48c880c1eefa8bbe03e8efd6da3 /chrome | |
parent | eb319f3373c207fc3b145954527ee098f6c8568e (diff) | |
Remove the wording that suggests it is possible to proceed after fatal SSL error.
But in cases where the error is not fatal and is overridable, add a string
saying you should not proceed. Now, all the messages that say "You should
not proceed..." use the same wording. This makes our message more clear.
Fix a "gcl lint" problem (DCHECK --> DCHECK_LT) while I'm here.
BUG=106254
TEST=compiles
Review URL: http://codereview.chromium.org/8856010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114744 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r-- | chrome/app/chromium_strings.grd | 10 | ||||
-rw-r--r-- | chrome/app/generated_resources.grd | 15 | ||||
-rw-r--r-- | chrome/app/google_chrome_strings.grd | 10 | ||||
-rw-r--r-- | chrome/browser/resources/ssl_roadblock.html | 1 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_blocking_page.cc | 5 |
5 files changed, 24 insertions, 17 deletions
diff --git a/chrome/app/chromium_strings.grd b/chrome/app/chromium_strings.grd index b7324e5..32192f7 100644 --- a/chrome/app/chromium_strings.grd +++ b/chrome/app/chromium_strings.grd 
@@ -190,19 +190,19 @@ be available for now. --> Instant </message> <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_EXTRA_INFO_2" desc="2nd paragraph of extra information for an unsafe common name in an X509 certificate"> - In this case, the address listed in the certificate does not match the address of the website your browser tried to go to. One possible reason for this is that your communications are being intercepted by an attacker who is presenting a certificate for a different website, which would cause a mismatch. Another possible reason is that the server is set up to return the same certificate for multiple websites, including the one you are attempting to visit, even though that certificate is not valid for all of those websites. Chromium can say for sure that you reached <strong><ph name="DOMAIN2">$1<ex>paypal.com</ex></ph></strong>, but cannot verify that that is the same site as <strong><ph name="DOMAIN">$2<ex>www.paypal.com</ex></ph></strong> which you intended to reach. If you proceed, Chromium will not check for any further name mismatches. In general, it is best not to proceed past this point. + In this case, the address listed in the certificate does not match the address of the website your browser tried to go to. One possible reason for this is that your communications are being intercepted by an attacker who is presenting a certificate for a different website, which would cause a mismatch. Another possible reason is that the server is set up to return the same certificate for multiple websites, including the one you are attempting to visit, even though that certificate is not valid for all of those websites. Chromium can say for sure that you reached <strong><ph name="DOMAIN2">$1<ex>paypal.com</ex></ph></strong>, but cannot verify that that is the same site as <strong><ph name="DOMAIN">$2<ex>www.paypal.com</ex></ph></strong> which you intended to reach. If you proceed, Chromium will not check for any further name mismatches. 
</message> <message name="IDS_CERT_ERROR_EXPIRED_DETAILS" desc="Details for an expired X509 certificate"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Chromium cannot guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. You should not proceed. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Chromium cannot guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. </message> <message name="IDS_CERT_ERROR_NOT_YET_VALID_DETAILS" desc="Details for an X509 certificate that is not yet valid"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate that is not yet valid. No information is available to indicate whether that certificate can be trusted. Chromium cannot reliably guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. You should ensure that your clock and time zone are set correctly on your computer. If they are not, you should correct any issues and refresh this page. If they are correct, you should not proceed. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate that is not yet valid. No information is available to indicate whether that certificate can be trusted. 
Chromium cannot reliably guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. You should ensure that your clock and time zone are set correctly on your computer. If they are not, you should correct any issues and refresh this page. </message> <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chromium cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, <strong>especially</strong> if you have never seen this warning before for this site. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chromium cannot rely on for identity information, or an attacker may be trying to intercept your communications. </message> <message name="IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS" desc="Details of the error page for an X509 certificate that contains errors"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the certificate that the server presented contains errors. Chromium cannot use a certificate with errors and cannot validate the identity of the site that you have attempted to connect to. Your connection is not secure and you should not proceed. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the certificate that the server presented contains errors. 
Chromium cannot use a certificate with errors and cannot validate the identity of the site that you have attempted to connect to. </message> <message name="IDS_TASK_MANAGER_TITLE" desc="The title of the Task Manager window"> Task Manager - Chromium diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd index 1f3d5b1..27eb3d3 100644 --- a/chrome/app/generated_resources.grd +++ b/chrome/app/generated_resources.grd @@ -2730,7 +2730,7 @@ are declared in build/common.gypi. This is probably not the site you are looking for! </message> <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS" desc="Details for an unsafe common name in an X509 certificate"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but instead you actually reached a server identifying itself as <ph name="DOMAIN2"><strong>$2<ex>fakepaypal.com</ex></strong></ph>. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of <ph name="DOMAIN3"><strong>$3<ex>paypal.com</ex></strong></ph>. You should not proceed. + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but instead you actually reached a server identifying itself as <ph name="DOMAIN2"><strong>$2<ex>fakepaypal.com</ex></strong></ph>. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of <ph name="DOMAIN3"><strong>$3<ex>paypal.com</ex></strong></ph>. </message> <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION" desc="Description for an unsafe common name in an X509 certificate"> Server's certificate does not match the URL. 
@@ -2740,7 +2740,7 @@ are declared in build/common.gypi. The site's security certificate has expired! </message> <message name="IDS_CERT_ERROR_EXPIRED_DETAILS_EXTRA_INFO_2" desc="2nd paragraph of extra information for an expired X509 certificate"> - For a certificate which has not expired, the issuer of that certificate is responsible for maintaining something called a "revocation list". If a certificate is ever compromised, the issuer can revoke it by adding it to the revocation list, and then this certificate will no longer be trusted by your browser. Revocation status is not required to be maintained for expired certificates, so while this certificate used to be valid for the website you're visiting, at this point it is not possible to determine whether the certificate was compromised and subsequently revoked, or whether it remains secure. As such it is impossible to tell whether you're communicating with the legitimate website, or whether the certificate was compromised and is now in the possession of an attacker with whom you are communicating. You should not proceed past this point. + For a certificate which has not expired, the issuer of that certificate is responsible for maintaining something called a "revocation list". If a certificate is ever compromised, the issuer can revoke it by adding it to the revocation list, and then this certificate will no longer be trusted by your browser. Revocation status is not required to be maintained for expired certificates, so while this certificate used to be valid for the website you're visiting, at this point it is not possible to determine whether the certificate was compromised and subsequently revoked, or whether it remains secure. As such it is impossible to tell whether you're communicating with the legitimate website, or whether the certificate was compromised and is now in the possession of an attacker with whom you are communicating. 
</message> <message name="IDS_CERT_ERROR_EXPIRED_DESCRIPTION" desc="Description for an expired X509 certificate"> Server's certificate has expired. @@ -2803,10 +2803,10 @@ are declared in build/common.gypi. The server's security certificate is revoked! </message> <message name="IDS_CERT_ERROR_REVOKED_CERT_DETAILS" desc="Details of the error page for a revoked certificate"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the certificate that the server presented has been revoked by its issuer. This means that the security credentials the server presented absolutely should not be trusted. You may be communicating with an attacker. You should not proceed. + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the certificate that the server presented has been revoked by its issuer. This means that the security credentials the server presented absolutely should not be trusted. You may be communicating with an attacker. </message> <message name="IDS_CERT_ERROR_REVOKED_CERT_EXTRA_INFO_2" desc="2nd paragraph of extra information for a revoked X509 certificate"> - In this case, the certificate presented to your browser has been revoked by its issuer. This usually means that the integrity of this certificate has been compromised, and that the certificate should not be trusted. You absolutely should not proceed past this point. + In this case, the certificate presented to your browser has been revoked by its issuer. This usually means that the integrity of this certificate has been compromised, and that the certificate should not be trusted. </message> <message name="IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION" desc="Description of the error page for a revoked certificate"> Server's certificate has been revoked. 
@@ -2829,10 +2829,10 @@ are declared in build/common.gypi. The site's security certificate is signed using a weak signature algorithm! </message> <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS" desc="Details of the error page for a certificate signed using a weak signature algorithm"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker). You should not proceed. + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker). </message> <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_EXTRA_INFO_2" desc="2nd paragraph of extra information for a X509 certificate signed using a weak signature algorithm"> - In this case, the server certificate or an intermediate CA certificate presented to your browser is signed using a weak signature algorithm such as RSA-MD2. Recent research by computer scientists showed the signature algorithm is weaker than previously believed, and the signature algorithm is rarely used by trustworthy websites today. This certificate could have been forged. You should not proceed past this point. + In this case, the server certificate or an intermediate CA certificate presented to your browser is signed using a weak signature algorithm such as RSA-MD2. Recent research by computer scientists showed the signature algorithm is weaker than previously believed, and the signature algorithm is rarely used by trustworthy websites today. 
This certificate could have been forged. </message> <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION" desc="Description of the error page for a certificate signed using a weak signature algorithm"> Server's certificate is signed using a weak signature algorithm. @@ -7676,6 +7676,9 @@ The following plug-in is unresponsive: <ph name="PLUGIN_NAME">$1 <message name="IDS_SSL_BLOCKING_PAGE_EXIT" desc="'Back' button text of the SSL blocking page."> Back to safety </message> + <message name="IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED" desc="Message advising the user not to proceed past the SSL blocking page."> + You should not proceed, <strong>especially</strong> if you have never seen this warning before for this site. + </message> <!-- SSL Error Page --> <message name="IDS_SSL_ERROR_PAGE_TITLE" desc="The title of the SSL error page."> diff --git a/chrome/app/google_chrome_strings.grd b/chrome/app/google_chrome_strings.grd index c9a7f01..bd4b3e9 100644 --- a/chrome/app/google_chrome_strings.grd +++ b/chrome/app/google_chrome_strings.grd 
@@ -164,19 +164,19 @@ Chrome supports. --> Google Chrome Instant </message> <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_EXTRA_INFO_2" desc="2nd paragraph of extra information for an unsafe common name in an X509 certificate"> - In this case, the address listed in the certificate does not match the address of the website your browser tried to go to. One possible reason for this is that your communications are being intercepted by an attacker who is presenting a certificate for a different website, which would cause a mismatch. Another possible reason is that the server is set up to return the same certificate for multiple websites, including the one you are attempting to visit, even though that certificate is not valid for all of those websites. Google Chrome can say for sure that you reached <strong><ph name="DOMAIN2">$1<ex>paypal.com</ex></ph></strong>, but cannot verify that that is the same site as <strong><ph name="DOMAIN">$2<ex>www.paypal.com</ex></ph></strong> which you intended to reach. If you proceed, Chrome will not check for any further name mismatches. In general, it is best not to proceed past this point. + In this case, the address listed in the certificate does not match the address of the website your browser tried to go to. One possible reason for this is that your communications are being intercepted by an attacker who is presenting a certificate for a different website, which would cause a mismatch. Another possible reason is that the server is set up to return the same certificate for multiple websites, including the one you are attempting to visit, even though that certificate is not valid for all of those websites. Google Chrome can say for sure that you reached <strong><ph name="DOMAIN2">$1<ex>paypal.com</ex></ph></strong>, but cannot verify that that is the same site as <strong><ph name="DOMAIN">$2<ex>www.paypal.com</ex></ph></strong> which you intended to reach. If you proceed, Chrome will not check for any further name mismatches. 
</message> <message name="IDS_CERT_ERROR_EXPIRED_DETAILS" desc="Details for an expired X509 certificate"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. You should not proceed. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. </message> <message name="IDS_CERT_ERROR_NOT_YET_VALID_DETAILS" desc="Details for an X509 certificate that is not yet valid"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate that is not yet valid. No information is available to indicate whether that certificate can be trusted. Google Chrome cannot reliably guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. You should ensure that your clock and time zone are set correctly on your computer. If they are not, you should correct any issues and refresh this page. If they are correct, you should not proceed. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate that is not yet valid. No information is available to indicate whether that certificate can be trusted. 
Google Chrome cannot reliably guarantee that you are communicating with <strong><ph name="DOMAIN2">$2<ex>paypal.com</ex></ph></strong> and not an attacker. You should ensure that your clock and time zone are set correctly on your computer. If they are not, you should correct any issues and refresh this page. </message> <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, <strong>especially</strong> if you have never seen this warning before for this site. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. </message> <message name="IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS" desc="Details of the error page for an X509 certificate that contains errors"> - You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the certificate that the server presented contains errors. Google Chrome cannot use a certificate with errors and cannot validate the identity of the site that you have attempted to connect to. Your connection is not secure and you should not proceed. + You attempted to reach <strong><ph name="DOMAIN">$1<ex>paypal.com</ex></ph></strong>, but the certificate that the server presented contains errors. 
Google Chrome cannot use a certificate with errors and cannot validate the identity of the site that you have attempted to connect to. </message> <message name="IDS_TASK_MANAGER_TITLE" desc="The title of the Task Manager window"> Task Manager - Google Chrome diff --git a/chrome/browser/resources/ssl_roadblock.html b/chrome/browser/resources/ssl_roadblock.html index b202701..4a93aa2 100644 --- a/chrome/browser/resources/ssl_roadblock.html +++ b/chrome/browser/resources/ssl_roadblock.html @@ -107,6 +107,7 @@ document.addEventListener('DOMContentLoaded', setDirectionSensitiveImages); <div class="icon"><img src="ssl_roadblock_icon.png" alt="SSL Error Icon" onmousedown="return false;"></div> <div class="title" i18n-content="headLine"></div> <div class="main" i18n-values=".innerHTML:description"></div> + <div class="main" i18n-values=".innerHTML:shouldNotProceed"></div> <div class="main"> <form class="submission"> <input type="button" i18n-values="value:proceed" name="proceed" class="proceedbutton" onClick="sendCommand(1);"> diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc index 07f285e..f5c6b05 100644 --- a/chrome/browser/ssl/ssl_blocking_page.cc +++ b/chrome/browser/ssl/ssl_blocking_page.cc @@ -89,6 +89,9 @@ std::string SSLBlockingPage::GetHTMLContents() { l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_PROCEED)); strings.SetString("exit", l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT)); + strings.SetString("shouldNotProceed", + l10n_util::GetStringUTF16( + IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED)); } else { resource_id = IDR_SSL_ERROR_HTML; strings.SetString("title", 
@@ -168,7 +171,7 @@ void SSLBlockingPage::NotifyAllowCertificate() { void SSLBlockingPage::SetExtraInfo( DictionaryValue* strings, const std::vector<string16>& extra_info) { - DCHECK(extra_info.size() < 5); // We allow 5 paragraphs max. + DCHECK_LT(extra_info.size(), 5U); // We allow 5 paragraphs max. const char* keys[5] = { "moreInfo1", "moreInfo2", "moreInfo3", "moreInfo4", "moreInfo5" }; |
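Review bot: In the chromium_strings.grd and google_chrome_strings.grd hunks, IDS_CERT_ERROR_COMMON_NAME_INVALID_EXTRA_INFO_2 still ends with "If you proceed, Chromium will not check for any further name mismatches." (and the Chrome equivalent) after the "In general, it is best not to proceed past this point." sentence is dropped. If that extra-info paragraph can ever be rendered on the non-overridable error page, it is exactly the kind of wording the commit message says it removes. Either confirm the string is only reachable for overridable errors or move that sentence out alongside the new shared message. Separately, IDS_CERT_ERROR_NOT_YET_VALID_DETAILS loses the "If they are correct," condition, so on the overridable page the advice to fix the clock and refresh is now followed by an unconditional "You should not proceed"; worth checking that the two read sensibly together.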
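Review bot: In the generated_resources.grd hunk at -7676, the desc for IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED does not say that the message contains HTML markup or that it is shown only when the error can be overridden. The ssl_roadblock.html hunk binds it with i18n-values=".innerHTML:shouldNotProceed", which the <strong> element requires, so the string has to remain fixed text with no placeholder filled from the URL or the certificate. Stating both points in the desc would help translators and would warn anyone who later adds a <ph> that the value is injected unescaped.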
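Review bot: In SSLBlockingPage::GetHTMLContents() (ssl_blocking_page.cc, hunk at -89), nothing tests that "shouldNotProceed" is set only in the branch that also sets "proceed" and "exit" and not in the else branch that selects IDR_SSL_ERROR_HTML. The placement matches the intent in the commit message, but with TEST=compiles a later refactor could put proceed wording back on the fatal page unnoticed. A browser test that checks the string is present on the roadblock page and absent on the error page would pin the behaviour down.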
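Review bot: In SSLBlockingPage::SetExtraInfo() (ssl_blocking_page.cc, hunk at -168), the bound in DCHECK_LT(extra_info.size(), 5U) disagrees with its own comment and with the keys[5] array declared on the next line: the comment says five paragraphs are allowed and there are five keys, but the check only accepts sizes 0 through 4. The lint fix carries the old condition over unchanged, so this is not a regression, but since the line is being touched it should become DCHECK_LE(extra_info.size(), 5U), or the comment should say four. DCHECK is also normally compiled out of release builds, so if the code after this hunk (not visible here) indexes keys by position in extra_info, a runtime clamp on the count is a safer guard than the assertion alone.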