"Lee" <[email protected]> wrote in message
news:mailman.12522.1330885043.31724.support-seamon...@lists.mozilla.org...
> On 3/3/12, Desiree <[email protected]> wrote:
>>
>> "Lee" <[email protected]> wrote in message
>> news:mailman.12426.1330789185.31724.support-seamon...@lists.mozilla.org...
>>> On 3/3/12, Desiree <[email protected]> wrote:
>>>> Since the recent demise of Scroogle, that I used exclusively for years,
>>>> I
>>>> have begun using Startpage.com HTTPS search engine exclusively. I have
>>>> had
>>>> GoDaddy disabled in Certificate Manager for years now on all browsers.
>>>> I
>>>
>>> I just tried disabling GoDaddy as a CA in Seamonkey & it works for me.
>>>
>>> How did you disable it?
> [.. snip method ..]
>>
>> I looked at this again just now. I am now getting the StarPage engine
>> search
>> using StartPage HTTPS engine in the search bar without a bunch of popup
>> windows about the GoDaddy cert.
>
> Yay!
>
>> BUT StartPage does not give you 100 results
>> per page (rather 10 only) so I click on the second page of results and I
>> get
>> a series of popup screens. I have to RETELL SM to make a permanent
>> exception
>> for StartPage cert.
>
> uhmm.. actually no. You have to tell SM to make a permanent exception
> for startpage.com and then after clicking on "next" you have to make
> another permanent exception for something like s6-us2.startpage.com.
> So far, I've seen it go up to s12-us2.startpage.com for subsequent
> pages.
Yes, but I made a GLOBAL exception for StartPage HTTPS to permanently accept
GoDaddy cert. I suppose I have to contact StarPage and ask them how to do
this.
>
> [.. snip description of expected results ..]
>
>> Sigh. I just tried again using StartPage HTTPS engine through the search
>> bar, for another subject for searching, and I got that HORRIBLY
>> MISLEADING
>> Startpage search results. There was a popup up from SM stating that
>> Secure
>> connection FAILED due to the Godaddy cert being UNtrusted.
>
> SM told you that the secure connection failed & why it failed. What
> warning message would you prefer?
There should be NO warning message of any kind! Otherwise, what is the
purpose of a permanent exception for StartPage HTTPS?
>
>> I was not able to
>> do anything other than look at the cert or cancel.
>
> Something else is going on then. I've yet to have that problem with
> startpage.
> I _have_ had that problem with other https:// sites tho, enough times
> that IE tends to be my 2nd choice browser instead of FF :(
I have only encountered this problem with StartPage and Amazon and both use
GoDaddy certs. I also have all Comodo related certs disabled but when I go
to a site using a Comodo cert both Fx and SM behave correctly. I either make
a one time exception or a permanent one and the permanent one works
correctly and I don't get the frustrating popup that I can only look at the
cert or cancel but cannot make an exception and I don't get that popup at
sites using Comodo certs where I have already made a permanent exception.
Yes, it is very irritating and worse on SM than on Fx. I had Opera as my
default browser for two years 2009-2011 (before that Fx was always default)
and I would actually make it default again except for one thing it lacks
that drives me nuts and is really important to me. As far as certs go
though, it has far superior handling than Fx, SM or IE. I have had the
pleasure, on several occasions, to discuss Opera's cert handling with the
developer in charge of Opera security. He's made Opera stand way above other
browsers in this area and he is one of the few Opera devs who regularly
posts in the Opera forums and has a security blog also.
>
>> Yet, I still see https in
>> the address bar for the StartPage search results and in the Status bar
>> the
>> almost impossible to see dark gray lock appears locked. The surrounding
>> area
>> is a lighter gray tannish color and if I click on the lock it says the
>> site
>> is secure but that information is in DIRECT CONFLICT with what the popup
>> said which was that the SECURE CONNECTION FAILED! This is a nasty bug
>> giving
>> conflicting information. Which claim do I believe?
>
> SM is just doing what you told it to do (trust the cert).
How? SM is giving conflicting information so why are you saying it is
trusting the cert? On the one hand, it gives me a popup saying "secure
connection failed" and on the other hand, the lock is closed so the secure
connection didn't fail according to the status of the lock. (I can't find
any information as to what the grayish tan color surrounding the lock
signifies). But which message do I trust?
>
> Because the GoDaddy CA is untrusted, the startpage certificate
> doesn't link up to a trusted CA & so SM warns you about the
> connection. You over-rode the warning & told SM to accept the cert as
> valid. So SM considers it a secure connection.
No, SM says the secure connection FAILED but it also gives me a closed lock
that when clicked on says the site is secure. SM is telling me two
conflicting things. Both cannot be true.
>
>>>> want my browsers to notify me each time a GoDaddy cert is used and then
>>>> I
>>>
>>> take a look at the CertPatrol addin
>>
>> I looked at this. I was wrong in that I have not seen this extension
>> before.
>> It is interesting but not what I need. I need Padlock extension that I
>> use
>> on Fx. I can't clearly see the dark gray padlock that SM uses. I can't
>> see
>> if it is open or closed without using a magnifying glass...horrible color
>> for what should be a GOLD padlock that is easily seen. Plus, it should be
>> in
>> the address bar...NOT on the status bar where even if a gold color it is
>> harder to see. So, I use Padlock extension for Fx but it won't install on
>> SM.
>
> I've seen references to a SM extension that over-rides the extension
> compatibility check.. I've never used it, so I don't have a name or
> link for you :(
MR Tech extension did this for years on both Fx and SM but is no longer
developed and works partially on Fx 4, 5 and 6 and did work on SM until
about 2.5 but no more.
>
>> BTW, I have expensive lens implants and have excellent vision. That dark
>> gray padlock is simply a horrible color. It should still be gold or green
>> or
>> bright neon blue ....some color that is easy to see if it is open or
>> closed
>> as it is a small icon.
>
> I'm guessing the color can be over-ridden with something in userChrome.css
>
>> Further, why in Fx, does the address bar color change for HTTPS but does
>> not
>> in SM unless the site has EXTENDED validation?
>
> Most probably because the SM programmer chose not to.
No, SM Help states that the address bar should change color for any secure
site and it does for extended validation sites but not sites with less
expensive certs. But I now think that is due to the Persona I was using. I
switched Personas and now the address bar is white instead of blue. It still
doesn't change like SM Help says it is supposed to do. I think this may be
an unexpected side effect of Personas although the same Persona on Fx does
not have this effect. Considering there are thousands of Personas and
hundreds more added daily ....this could be a headache for SM devs. OOPs, my
bad...I forgot... Mozilla just announced that Personas are getting a new
name (Mozilla wants to use the name Persona for BrowserID). So, Personas are
now "themes" and will be available under Themes along with regular themes.
>
>> SM does not even have an icon
>> left of the address to click on to see the security status. You have to
>> find that almost impossible to see dark gray lock on the status bar and
>> click on that. It is almost impossible to tell if the dark gray lock is
>> locked or unlocked just by looking at it. VERY VERY BAD IMPLEMENTATION OF
>> SECURE PAGES. On StartPage HTTPS, that lock has a very small background
>> that is colored grayish tan. What is that supposed to convey? The address
>> bar is blue but it is blue on non secure pages also.
>
> I was playing around with the address bar color a while back. You
> might try modifying the following to get the colors you want:
>
> /*
> * Change the "Secure Site" URL address bar background color
> */
> /* ******* comment out.. not sure if I really want this
> * #urlbar[level="high"] > .autocomplete-textbox-container,
> * #urlbar[level="low"] > .autocomplete-textbox-container {
> * background-color: turquoise !important;
> * }
> */
>
>
>>
>> I found this on a search:
>>
>> "The latest versions of both Seamonkey and Firefox displays both a closed
>> padlock icon in the status bar and coloured background in the URL field
>> when
>> the page is properly encrypted and secure. They also display a red broken
>> padlock in the status bar but no coloured background in the URL field
>> when
>> the encrypted page is not secure."
>> http://philipramsey.blogspot.com/2011/02/httpswwwcchcamyaccountloginaspx-not.html
>
> That's over a year old & I'm not bothering to check if Phillip Ramsey
> is/was a SM developer, but I suspect not. In other words, he could be
> as authoritative a source as I am (which is NOT AT ALL since I have
> not looked at the code :)
Yeah...he probably isn't a SM developer but I found it in SM Help later.
There is supposed to be a change in the address bar color when visiting
secure sites.
>
>> The padlock should change to red when I get the popup from SM saying the
>> secure connection faild?
>
> Dunno. I have not seen any SM/FF documentation on what should happen
> under different failure scenarios. But remember, you told SM to trust
> the startpage certificate. So it seems reasonable that you get a
> normal padlock..
>
>> It doesn't turn red. I don't get a colored
>> background in the address bar either when the page is properly encrypted
>> and
>> secure except for pages that use extended validation and then the address
>> bar turns yellow.
>
> See above for the CSS to change that..
>
>> Otherwise, properly encrypted and secured pages or not the
>> address bar is always a blue color that fades to white toward the end of
>> the
>> address bar and actually, it should be transparent, but isn't on SM and
>> is
>> on Fx.
>
> For me, the SM address bar is an ugly shade of yellow for https://
> sites & very light blue for others. Maybe because I changed to the SM
> Modern theme??
Probably is due to the theme. I have a combination of the default SM theme
(that's for the icons...ugly I think) and then a Persona for the background
theme. There is a significant difference between regular SM themes and SM
Personas that Mozilla now says are also called "themes". I don't know how
Mozilla expects users to differentiate between the two types of "themes"
when referring to one or the other now.
>
>> Further there is NO INFORMATION ANYWHERE, that I can find, on SM that
>> informs me that I have made a permanent exception for GoDaddy cert at
>> StartPage.
>
> Edit / Preferences / Privacy & Security / Certificates / Manage
> Certificates / Servers
> startpage.com as well as the sNN-us2.startpage.com sites show up there for
> me.
Thanks! I forgot to look there. I was expecting either the popup that I get
in Fx on the icon to the left of address bar on mous hover that informs me I
have made a one time or permanent exception or information when I click on
the lock in the status bar. I was not thinking about having to find the
information in a round about manner. I have a long list of entries there
for Startpage and GetSatisfaction where I also have the same problems with
GoDaddy cert. Almost all the entries have 443 error in them! It is accurate
as I can't get to StartPage half the time and GetSatisfaction was a
nightmare. I still can't post there because SM and Fx to have a problem with
allowing me to accept the cert there permanently. I had to use Opera there
and the site does not support Opera so I while I had no certificate handling
problems there, I had other problems and I had four support tickets for the
site and a support ticket for Ghostery (that doesn't work on Opera but
should) forum that is part of GetSatisfaction. I couldn't reply to my
support tickets when they got answered.
>
> Regards,
> Lee
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
