Noté 4 sur 5 étoiles
It's great that the new 2.0.12 has fixed the cert popup issue. Thank you to the developers. Just however, 2.0.12 also introduces a new bug that in the "Details" of "Clear Recent History", only "Browsing and Download History" is there visible with all other items disappearing.Cette critique est pour une version précédente du module (2.0.10). Cet utilisateur a 3 revues précédentes sur ce module.
Are you sure this is caused by the CertPatrol update? This works for me fine just like before and nothing changed in that part of the code in 2.0.12.
Check if disabling the addon or installing the previous version fixes it.
Noté 4 sur 5 étoiles
What with the recent problems with DigiNotar and potentially some other CAs this addon shows its importance and relevance.Cette critique est pour une version précédente du module (2.0.10).
Thunderbird support please =) Noté 5 sur 5 étoiles
Cert Patrol reports to support Thunderbird, but it appears be dormant and inactive in Thunderbird. Any news on when Thunderbird will truly be supported? And how exactly can I find out when it is supported? Is there a website I can monitor or something?Cette critique est pour une version précédente du module (2.0.10).
Uploaded a new version with a fix so it works again. Latest versions are at https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/versions/ you can install 2.0.12 from there or wait until Mozilla approves it and it gets updated automatically.
Good heads-up tool for SSL monitoring Noté 5 sur 5 étoiles
This Extension is useful for tracking SSL and TLS clearances on newly-visited Web pages, and the Preferences this Extension can locally allow and/or block individual Certificates, even mark a specific Certificate repository as untrusted when the need arises. The pop-up toolbar appears for first-time certificate presentations, with reject and view-details options.Cette critique est pour une version précédente du module (2.0.10).
Notification Bar, Suggestion Noté 5 sur 5 étoiles
Certificate Patrol needs an OPTION to "Do not repeat notifications in Notification Bar"
I keep getting the EXACT same notification on Google pages, a wildcard, EVERY time I load a page. Even if I use Refresh or open a Google page in a New Tab.
I've noticed this in some other pages that are NOT wildcard notifications.
Must-have fix for SSL shortcomings Noté 5 sur 5 étoiles
Righteous! Love this to death.
Edited for dev reply: SQLite: excellent. Mostly what I'm asking for is: in addition to the lovely host/domain ignore list you added, also a "host/domain to only check CA list". Keep it all centralized, and make it easy to only check CA for *.google.com, *.googleusercontent.com. and so on.
Right now, I have to check this box for *every certificate*, and it's a long, long slog. Then, when the cert expires in a-year-or-whatever: I have to re-check all those boxes for all those certificates. Too much effort.
I *want* to know if the issuance chain has *completely changed* on, say, Google certificates; I'd rather not ignore them entirely. However, until I can "semi-ignore" entire domains, it's very tempting to dump *.g*.com into the ignore list. Or disable Certificate Patrol entirely.
There's a checkbox in the change notification dialog that makes CP check only the issuer of the certificate for that host, you can also set this flag in the certificate manager, and yes it's stored in SQLite.
Be nice to have option to disable banner at top Noté 4 sur 5 étoiles
Certificate patrol is a great product. I applaud the recent "improvements."
One thing I would really like to see though is a setting that TOTALLY disables notices when new certificates are added to the library. For example, I don't want to see a banner appear across the top of the browser every time I visit a new HTTPS page. Just silently add the certificate to the library without telling me.
There should really be a setting for this silent behavior.
We added a setting for this in 2.0.10rc2, you can already try it or wait for the next stable release.
Great, but needs to be able to deal with sites load balancing Noté 4 sur 5 étoiles
Very useful for the security-conscious, but like a previous reviewer I've found that some sites (Twitter in particular) balance their load between servers with different SSL certificates installed, so even though I'm accessing the same URL each time, the certificate alternates back and forth between two different ones that are not due to expire and also have different CAs. This means I frequently have to dismiss a warning popup even though I've previously accepted both certs.Cette critique est pour une version précédente du module (2.0.8).
There's a a checkbox at the bottom of the change notification dialog (after clicking 'View Details') labeled 'Check certification authority only' which makes CertPatrol check only that the issuer is still the same for that host. This usually solves the problem for sites using load balancing (e.g. Google, Citibank).
The Twitter case is a bit different as they use completely different certificates from different issuers for si0.twimg.com, for this we added an ignore list to the prefs and an ignore button to the dialog that disables any checking for that host, so at least it's not annoying. This feature is going to be available in 2.0.10, for the impatient it's already available in the development channel, in version 2.0.10rc.
Works great, one feature needed Noté 4 sur 5 étoiles
Works great and I like knowing that I'm getting the same certs over and over and knowing that Mallory isn't trying to serve me a new certificate from a questionable/hacked/compelled Root CA.
However, the only issue I'm having is that many Google sites are using two (or more) certs and keep alternating back and forth. *.gstatic.com and ssl.gstatic.com. We really need a way to remember two or more certs for a site such as this and not have it keep flagging them as problems between clicks.
Constant notifications I have to manually dismiss Noté 1 sur 5 étoiles
I have all CAs disabled since I don't trust them and use Perspectives so that might be affecting it - most places are already overridden by perspectives.
Almost every site pops up the notification, including this one. Actually it popped up several while I was getting to this page. The version is 2.0.6. In the configuration panel there are 4 boxes, and all of them are NOT checked. There is no apparent way to tell it NOT to pop up anything.
There is no option to have it either shut up when storing the cert the first time ("Certificate accepted and stored"), or even to have the notification bar disappear after a few seconds if it is a low-threat. On my big screen is is annoying. On my netbook that doesn't have a lot of vertical space it makes it almost useless.
I get the perspectives notification the first time and that is enough. I only want notification if there is a different certificate than stored - one that changed something significant, and maybe one that automatically disappears in 5-10 seconds if it is something like a cert expiration switch (from the same CA even though I don't trust the CAs). Alternately, you might be able to integrate with Perspectives to validate the cert and NOT pop up anything if perspectives says the cert is valid.
Confirmed the fix with 2.0.7. GJ !! Noté 5 sur 5 étoiles
I wrote "preference trouble" on Seamonkey 2.2 and Thunderbird 5 in the previous review.
Now I confirm the fix with Certificate Patrol 2.0.7. Thanks for your quick fix.
You're welcome. 2.0.7 had another problem though so we had to replace it with 2.0.8.
Five Stars for Certificate Patrol Noté 5 sur 5 étoiles
I'm running v2.0.6 with Perspectives 2.4 in Firefox 5.0 Portable under WinXP Pro SP3 32-bit. No problems.
Feature request: a user configurable setting to enable and time out (i.e. 10 seconds) to collapse the yellow bar. See that in action with the BetterPrivacy add-on "Autoremove message after .... seconds" Thank you!
We have added the timeout feature in 2.0.9
Noté 2 sur 5 étoiles
Great job. Heard about Certificate Patrol from Steve Gibson's Security Now podcast. This add-on provides a feature that should be standard in every browser.
Had to uninstall because of the crazy number of notifications about Google's certificates. I keep several Google products pinned in app tabs and switch between them often. It's literally gotten to the point where I can't even access a single one of them without CP popping up with alerts about Google's wildcard certs and such. I can't even type in a single query in the Firefox search bar (I have the SSL version of Google added there) without getting prompted about the cert for each query.
CP is a great idea, but an add-on that requires you to close the same warning messages repeatedly 30+ times per day is just too much. I'm sure the real issue is Google needing to do a better job of cert management, but there really does need to be some configurability options for this in CP.
In version 2.0 we made many improvements, e.g. we added a checkbox at the bottom of the change notification dialog that makes CP check only the issuer for that host, this is useful in cases like this when a site uses multiple certificates for the same host. Which version were you using? Try upgrading to 2.0 if you haven't done so yet.
Noté 5 sur 5 étoiles
Decent program for keeping vigilant of proper certification for certain websites, especially for banking sites. Definitely a good addition to anyone's library of add-ons.Cette critique est pour une version précédente du module (1.8.3).
One more privacy and security tool! Noté 4 sur 5 étoiles
I held off on reviewing this one for a while because I needed to test it out and to do some more homework but now I am putting it into my "Apollo! Pack"! collection because it is one more step in the right direction. It alone is not going to secure your computer but it is one more step. Why Firefox doesn't do more to check certificates is a mystery.Cette critique est pour une version précédente du module (1.8.3).
Needs options... Noté 2 sur 5 étoiles
I had a problem with it not giving a cancel button as there is such a thing as cookies that the suspicious site could get a hold of and use my session. I have noticed this with github today and I am unsure if I should trust that they changed as the CN on the old one is every subdomain and the CN on the new one is just github as well the new owner being digicert and 790 days until it expires when the old one was godaddy with 1290 days left. You would expect that they wouldn't change until it reaches the end of the certificate as there would be no reason so I am guessing the new one is fake and I am unable to push cancel to stop it from loading...Cette critique est pour une version précédente du module (1.8.3).
You'll have to file a bug report with Mozilla...
There is no Firefox API that allows us to prevent a web page from
being loaded. All we can do and intend to do is to add a "Reject"
button which keeps the new certificate from being stored as "seen
before". This obviously doesn't solve anything and the user is
still in charge of closing the window to the bogus website herself.
You'll have to file a bug report with Mozilla if you'd like to see
this kind of behaviour from CertPatrol.
Noté 5 sur 5 étoiles
I like it, but one suggestion would be to make the dropdown notifications specific to the tab they were generated from - using something like gBrowser.getNotificationBox(gBrowser.getBrowserForDocument(aDocument)); -- It's a little annoying getting the notifications when I open a bunch of new tabs (when I'm not looking at those tabs yet)Cette critique est pour une version précédente du module (1.8.1). Cet utilisateur a une revue précédente sur ce module.
Thank you. I think I tried several snippets of code like that and they failed to work but I'll try again.
Noté 4 sur 5 étoiles
This is an extension worth installing: it recognizes when the ssl/tls certificate of a site has changed, and will give warnings if this change looks suspicious.
From reading the source code, there are no surprises. It compares hashes from ssl/tls certs to hashes it has seen in the past. This means it will keep a list of https sites you have visited (including those visited while in private browsing mode), but this will stay on your computer and not be sent elsewhere.
The code quality is acceptable, but not excellent. For example, the code does not use braces around one-line if-statements, uses inconsistent indentation and one if...elseif really looks like it needs a final else statement.
The main logic for detecting if a certificate change is classed as "suspicious" is not commented and is difficult to follow. For example, time limits are coded in (billions of) milliseconds instead of human-readable days, and no explanation is given to the choice of these values or how they relate to real-world problems they want to warn about.
That said, I would still recommend installing as it does provide warning about many possible ssl/tls attacks.
The "inconsistent" indentation is meant to be KNF, the BSD Kernel Normal Form, with different indentation levels for code blocks and line continuations. The source however has seen several authors and isn't all consistent. Fixing that now. The main logic is commented in the upcoming version 1.8.3. Thanks for the recommendation. :-)
Noté 4 sur 5 étoiles
A good add-on... BUT... sites providing multiple certificates for the same domain give false positives. Many of these false positives could be avoided if old (but unexpired) certificates were remembered after new certificates were accepted -- there is no harm switching between certificates that have already been accepted.Cette critique est pour une version précédente du module (1.4).
Noté 5 sur 5 étoiles
Essential. Would be nice to have some synchronization to detect certificate changes across networks (maybe via saving data to bookmarks like NoScript does).
If Google or anybody changes its certificate every several days, that's Google's problem and security risk for others. This addon does nothing wrong here. If you want an option to disable it for certain sites, consider using MitM Me instead.