It took awhile but I finally got around to submitting version 1.4.6 of RMD to addons.mozilla.org.
RMD 1.4.6 supports Firefox and Thunderbird versions 1.5 through 2.0.12 on Windows, OSX and Linux.
https://addons.mozilla.org/en-US/firefox/addon/2131
(And just a reminder that RMD will not be updated to support Firefox 3).
Last month I put together a 1.4.6 build of the Remember Mismatched Domains extension for Firefox and Thunderbird. This update is pretty much just a “maintenance release” making RMD more compatible with SELinux as well as fixing a couple of my usual localization screw ups. (Thanks to Josh for both pointing out the SELinux issue as well suggesting how to solve it).
The more exciting announcement for this update is that I’m hoping version 1.4.6 will be the final release. Back in October I wrote about the new security exception features in Firefox 3 which essentially provide the functionality that RMD has been providing for the past couple of years. Since then Firefox 3 has been steadily moving through the beta stage and soon enough will be released. (Thunderbird users will be happy to hear that the same security exception features are available in the nightly builds of the still very early Thunderbird 3). What this all means in the long run is that RMD will not be available for Firefox 3. Please note that I have every intention to continue maintaining the extension for Firefox 2 for as long as it is a Mozilla supported product.
Now’s the time to voice your questions, concerns…
Today, nearly 4 years, 123 comments and 42 votes after having been opened, Mozilla bug 228684 – Remember overrides of Certificate Domain Name Mismatch was updated to Resolved.
A patch was recently checked into the Mozilla codebase that marks bug 327181 “Improve error reporting for invalid-certificate errors” as Resolved Fixed. This bug significantly changes the way Mozilla will handle invalid certificates and as a result will hopefully make RMD redundant so earlier today I played around with a nightly build of Firefox 3.0 alpha (Minefield). My impression? I think the changes, while still rough around the edges, do a pretty good job of appeasing the various sides in the bad certificate handling saga.
The first thing you’ll notice when browsing to a website that presents an invalid security certificate is that the familiar mismatched domain error dialog is no more. Instead an in page Secure Connection Failed error is presented. Note that there is no way to temporarily accept the mismatch and visit the website:
Before websites that present invalid certificates can be visited the certificate must first be added to the new security exceptions list. The dialog for this list is intentionally buried in the Preferences / Options dialog:
Edit > Preferences > Advanced > Encryption > View Certificates > Servers -> Add Exception…
For current users of RMD I think it would be helpful to get your impressions of the changes and so I put together a little screencast of the new functionality in action. I encourage you to take a look and provide Mozilla with your feedback. Even better would be to download a recent build of Minefield and try it out for yourself.
RMD history buffs will probably recall that the Remember Mismatched Domains extension was born out of my red-faced frustration with constantly having to accept the domain mismatch when checking my Dreamhost hosted email.
Knowing that, you’ll appreciate how thrilled I was to see that last week Dreamhost made some changes that promised to properly resolve my domain mismatch errors once and for all. No extension required.
As I was reading through the comments on the Dreamhost post announcing the changes however, my elation soon turned to… I don’t know, I still can’t find words for how ridiculous this has all become.
The bottom line? Uninstall RMD! As of last week, if you’re using a current version of Thunderbird you can now use your Dreamhost hosted email without having to accept a domain name mismatch error each time. Just follow the “Another way to get rid of the Domain Name Mismatch error” instructions on the Dreamhost wiki. (Atleast until Thunderbird is updated to actually comply with the X.509 spec).
The long story? Anybody know the current measurement for irony these days? If it were still measured by the foot I’d say we have atleast 10 feet of irony in this story… From my point of view here’s the lay of the land:
- I wrote an extension that works around a problem in Mozilla’s implementation of the SSL specification.
- Some of the Mozilla SSL folks feel that said extension is just plain wrong as it circumvents the SSL standard and the problem should really be solved by the owner of the SSL certificate.
- When renewing their SSL certificate Dreamhost, (who own the SSL certificate), changed things so that the mismatch is no longer presented - (in current versions of Mozilla Thunderbird).
- Mozilla’s implementation of the SSL specification is wrong and should probably be changed.
- When that change is made, the changes made by Dreamhost will be in vain.
- A bunch of geeks look really intelligent but this shit is still frustrating.
The only proper reaction to all of this? Laugh. (Or if you’re in need of an excuse, drink).
This has been a long time coming.
Michael Baltaks has provided compiles of RMD’s XPCOM components that are compatible with both Intel and PowerPC versions of OSX. Which means that Mac users can once again use the Remember Mismatched Domains extension.
I know this is good news for some and I suggest you heap the usual new RMD release praises on Michael. Here I’ll start: Michael, thank you sooo much for quelling the Mac lynch mob that was assembling outside. ;-)
A bit of other significant RMD news is that the source for RMD is now being hosted in Google Code. Now that RMD contains binary components I think that it is important that anyone who wishes to do so is able to easily review the code and compile it themselves if they so wish. This is even more important as those components are user contributed. The RMD project can be found here:
http://code.google.com/p/rmd/
Finally, I think this version of RMD should work with the Thunderbird 3 alpha. (I’ve only tested on my Linux install so it would be great if anyone who tries it could report on their success in the comments).
It isn’t a heck of a lot but I’ve heard from a few folks asking for pointers on how to get setup to try building RMD on the Mac.
Last night after I’d finished typing up an email response to one such request I flipped over to Bloglines and ran across Jeff Atwood’s reminder of a great post from Jon Udell. Both Jon and Jeff make the point that blogging something like say, a collection of pointers for building a binary XPCOM on the Mac is much more useful to more people than sending it off in an email or two. Unfortunately, they didn’t email me those thoughts so I almost didn’t realize they were talking to me ;-)
Like I said, it’s not much but hopefully this will help to get you started if you’d like to contribute the Mac version of the XPCOM component to RMD. And if I’ve said something that is not correct or you have any more insight on the topic, we’ll all benefit if you’d like to share it…
One of the first things you’ll need in order to build the XPCOM component fro RMD is the Gecko SDK for your platform. For an Intel Mac you’d need to build XULRunner in order to get the SDK. There is what appears to be a good set of build docs (including a build requirements section).
[Update 2007-05-20]: A couple of people have pointed out that Dave Townsend is hosting an “unofficial” Intel SDK build (thank you Dave!). That’s one less step.
For PPC you should be able to skip that step and grab the “official” Mozilla Gecko SDK.
Once you have the SDK for your platform I’d guess you really only need XCode on the Mac (I’m really Mac illiterate but I think this is a part OSX so you shouldn’t need to install any additional packages) . If you download my component’s source you’ll find a Linux make file that should be a good starting point for the Mac build.
If you use the Linux Makefile included as a starting point and you get link errrors that look something like “ld: -L: directory name missing” try removing the space in the LD flags:
-GECKO_LDFLAGS = -L $(GECKO_SDK_PATH)/lib \
+GECKO_LDFLAGS = -L$(GECKO_SDK_PATH)/lib \
FWIW, Mozilla have a pretty good tutorial for building C++ XPCOM using Visual Studio on Windows.
Good luck!
That makes two user contributed updates to RMD in a row.
Last week Michael Blakeley worked some compiler magic and sent along a version of RMD’s XPCOM component that works on 64 bit Linux machines. Many thanks Michael!
Another platform supported. I’m still hunting for someone to help out our Mac using friends…
Luděk Janča pointed out that I’d goofed the chrome.manifest for RMD 1.4 causing some translations of the extension to not appear. The bug report he sent was my favourite kind - one that included a patch. Thanks Luděk!
Here we go again. I just posted version 1.4 of the Remember Mismatched Domains extension for Firefox, Thunderbird and Seamonkey.
Yay!
The big news for this release: it works in Linux!
(Original Tux design by Larry Ewing, Simon Budig and Anja Gerwinski).
While RMD continues to work as it did before, this update has some fairly significant changes behind the scenes. In order to work around the bug that I’ve been calling “the Linux problem“, I’ve gone from using a Javascript implementation of an XPCOM component to one written in C++. And I mention that here for a reason…
Boo!
RMD 1.4 doesn’t work in OSX.
Update 2007-07-31: See this post for a Mac version of RMD.
Now, don’t go getting all weepy just yet. I’m pretty sure all we need to do is get the XPCOM component compiled on a Mac. Unfortunately, I don’t have one. That’s where you come in… A MacBook Pro aughta do the trick - email me for a shipping address ;-) Alternatively, I’ve posted the component source here. If someone wants to take a crack at compiling a .dylib and send it to me I’ll tuck it into RMD. (Though, I’m not sure there’s an intel version of the Gecko SDK yet).
What is RMD?
The Remember Mismatched Domains extension for Firefox and Thunderbird adds a “Don’t warn me again about this certificate for this domain” checkbox to the Domain Mismatch and Expired Certificate warning windows. When selected the domain name and security certificate domain pair (or certificate and expiration date pair) is stored in a Firefox / Thunderbird preference and the security error dialogue will be bypassed on subsequent visits.
The comments section awaits your rants, bugs, problems, praise and more. Oh, and if you were using any RMD hacks, you can probably undo ‘em now.
First things first. I’m about to describe a workaround for the remember mismatched domains Linux problem for Ubuntu users but I want to be clear that this is a hack and a “you’re on your own” modification. I’ve been using it on my Firefox install for a little while now with no significant problems but your mileage may vary. Being Linux users I figure you (we) are probably used to living on the edge. With that disclaimer out of the way, onto the workaround…
As I described in the report for the bug that is responsible for the Linux problem, deleting the compreg.dat file in the Firefox (or Thunderbird) profile directory will cause all XPCOM components to be re-registered when FF / TB is launched. And as others have discovered, the first time RMD’s component is registered everything will work perfectly. You’re probably already jumping ahead of me now, but the workaround I’m using is to delete compreg.dat each time Firefox is launched. I’ve done that by adding the following lines to the firefox shell script (/usr/lib/mozilla-firefox/firefox):
#RMD hack - forces re-registration of xpcom components
rm ${HOME}/.mozilla/firefox/qy06zi95.default/compreg.dat
Of course your Firefox profile will be in a different directory than mine so you’ll need to modify appropriately.
Like I said, its a hack.
While version 1.3.4 of the Remember Mismatched Domains extension doesn’t solve the linux problem, Seamonkey users will be happy to hear that they can once again join in the mismatched domain remembering fun.
There are also a bunch of new localizations included in this release - thanks to everyone who submitted translations.
It’s been awhile since RMD has been updated so if I’ve messed anything up could you let me know in the comments.
No sooner had I somewhat proudly trumpeted RMD supporting Firefox 2 than an issue emerged.
Symptoms of the problem
Servers that present security certificates with mismatched domains will no longer load when RMD 1.3.3 is installed.
After installing RMD 1.3.3 and restarting the browser for the first time RMD will function as expected, allowing users to add ‘remembered’ mismatches or remembering mismatches stored in an earlier version of the extension. On any subsequent browser sessions however mismatched domains will no longer be load.
Who’s affected
Linux users running Firefox 2 and RMD 1.3.3.
Thunderbird 2 alpha users are also likely affected. This however does not appear to be an issue for Windows users.
By working my way back through the release candidates and betas (on a Ubuntu Linux box) I managed to trace it back to beta 2 of Firefox 2 - beta 1 wasn’t affected.
I am not aware of any problem with version 1.5 of either Thunderbird or Firefox on any OS.
Recommendations
If you are affected by this disable or uninstall RMD 1.3.3.
Another option is to roll back to version 1.2.8 of RMD. Before doing so however, it is important to remember that 1.2.8 was replaced by 1.3.x because of some very annoying flashing of the Mismatched Domains dialog. RMD was basically rewritten to solve that flashing issue and it is those changes that seem to be implicated in this latest problem. You can find a link to the 1.2.8 xpi in this post:
http://www.andrewlucking.com/archives/2006/07/bon-echo-test-drive/
Snarky rhetoric
Is it just me or does it seem like the goalposts do alot of moving in sections of the Mozilla codebase upon which RMD relies?
Thinking about upgrading to Firefox 2? Wondering if RMD will work after the update? Fret not, RMD supports Firefox 2. In fact, it has for the past month or so.
I noticed this recent comment from Kai Engert on a domain mismatch related entry (named “Multiple https bad-certificate warnings should be combined”) in the Mozilla bug database:
“Please note that I started to work on an approach that combines the dialog and will allow the option to remember a override for a certain hostname+cert pair.”
(He didn’t make that last part all bold and everything. I did that. For like, emphasis).
Here’s hoping we see this improvement soon. I’ve said it before; I’ve learned alot from the Remember Mismatched Domains extension and am happy to continue updating / maintaining it but this really is functionality that should be baked into Mozilla. Think about it - a mail client that, by default, forces you to click through a dialog each time it connects to your mail server! In 2006!
Mozilla security has been getting some attention recently, (some of it serious, some of it less so), and with the newly appointed, high profile, security chief reading through old bugs it would be great to see this one resolved for good.
Version 1.3.3 of the Remember Mismatched Domains extension fixes a bug that was causing remembered expired certificates to get stuck in “confirmation limbo”. Connecting to a site with an expired certificate that had previously been remembered would fail and the confirmation dialog would not be presented.
Many thanks to Arush Kumar for helping to track this one down.
Version 1.3.2 of the Remember Mismatched Domains extension for Firefox and Thunderbird is now available. This latest version fixes a fixes a few very annoying issues:
- the Domain Mismatch Dialog no longer “flashes” on screen when a mismatch is remembered (more details on this bug here).
- Thunderbird will no longer “steal” window focus when a mismatch is ‘remembered’ during automatic message checks.
- solved a long standing problem for MinimizeToTray users that caused Thunderbird to be restored when RMD ‘remembers’ a mismatch.
Beta testers Rock
A little over a week ago I went looking for a few beta testers for this latest version and was thrilled to have a significant number of folks step up. We ended up with a great cross-section of users (and get this, Windows users were the minority). You helped me track down a few hiccups as well as put up with my tweaking of RMD throughout the week. Thank you all! (Just a note in case I missed anyone, if you installed version 1.3.0 or 1.3.1 during testing you’ll need to uninstall before getting this latest version, otherwise you’ll end up with the two versions installed).
What is Remember Mismatched Domains?
As if you didn’t know ;-) The Remember Mismatched Domains extension for Firefox and Thunderbird adds a “Don’t warn me again about this certificate for this domain’ checkbox to the Domain Mismatch and Expired Certificate warning windows. When selected the domain name and security certificate domain pair (or certificate and expiration date pair) is stored in a Firefox / Thunderbird preference and the security error dialogue will be bypassed on subsequent visits.
I think we may have a solution. Finally.
You “edge case” RMD users running the alpha versions of Firefox and Thunderbird 2 will know what I’m talking about but to recap… With any version of RMD installed, the Domain Name Mismatch dialog window will briefly appear for your “remembered” domains before RMD “wakes up” and dismisses it. I described this in more detail last month.
Anyhow, after spending way too much time sifting through Mozilla lxr, I have a rewrite of RMD that I’ve been testing. Successfully. So successfully that I’d like to recruit a few “beta testers” to give it a whirl. If you’d like to try it out I’d be most appreciative - it would be nice to get a spectrum of environments so non-Win32 users: I want to hear from you. (MinimizeToTray users I want to hear from you too).
If you could either shoot me an email (address is up there in the top right corner), or leave your contact info in the comments section and I’ll get you hooked up with an xpi. (Oh and maybe you could let me know your OS and TB or FF version too). To be honest testing won’t entail a heck of a lot of excitment. The new version should work exactly the same as the old version, only better.
update 2006-09-16: Many thanks to everyone who ran RMD through it’s paces. You can get the update in this post.
It would appear that an annoying RMD issue has been introduced in some of the recent versions of both Firefox and Thunderbird. Ironically, it doesn’t seem to affect Bon Echo (which I’ve been using almost exclusively since first giving it a go). Thanks to some eagle eyed RMD users for pointing it out in the comments section and via email.
What’s up?:
The Domain Name Mismatch dialog is very quickly appearing when a mismatch is “remembered”. Actually, it seems to be appearing twice:
(click for a larger image)
I was pretty suprised to get that screengrab. (I put it down to the fact that I’d just had a coffee so my reflexes were a-buzzin’).
Hey, I’ve seen that!:
Some quick testing seems to indicate that it began with version 1.5.0.5 of both Firefox and Thunderbird. Thunderbird 2 alpha 1 is also affected while strangely enough Firefox Alpha 1 (Bon Echo) isn’t.
So… What’s up, doc?:
To be honest, I’m not exactly sure. The way RMD does it’s business is by overlaying the domain name mismatch dialog window and automatically okaying the mismatch for those mismatches it’s been convinced to “remember”. The extension adds this logic to the ‘onload‘ event for the dialog. For whatever reason, it seems that (atleast) the dialog’s chrome is being displayed prior to RMD kicking in.
Hey Andrew, rant already:
Look, RMD is nearly a year old. Plus it’s a ummm…, “workaround“. I think the large group of folks who are using RMD have demonstrated that we can use such functionality without hurting ourselves, so perhaps those who feel they’re protecting we ‘mortals’ could think about helping us as well. If Scott MacGregor and his collaborators are worried about treading on my RMD toes they needn’t be. Crickey, if Scott can help a hack like me hook up nsIBadCertListener in Thunderbird then maybe we don’t need his extension writers ;-) Fat chance, I’ll probably end up trying to workaround this one too.
I recently installed Bon Echo Alpha 1 to test RMD compatability with what will eventually become Firefox 2. First impression? I’m impressed with this alpha release.
There are no killer new features but I’m enjoying discovering the “nuance improvements”. Okay, scratch that. I’m typing this entry in the web based WordPress “editor” and Bon Echo pointed out that I’d misspelled “nuance”. When I right-clicked on the typo, suggested alternatives were offered.
Performance seems much improved too.
Oh and it looks like RMD is working fine. Here’s a version that will install in Bon Echo.
update 2006-08-04:
This one should install in Thunderbird 2 alpha 1 too. There is one ‘known issue’ - detailed in this post.
Phew, I suck at picking up new languages ;-)
RMD 1.2.7 fixes the issue that manifested in Norwegian labels appearing in the english language version of the extension.
Version 1.2.6 of the Remember Mismatched Domains extension is now available. This version adds a bunch more localizations and fixes a Firefox extension conflict that was causing the RMD options dialogue to fail to open.
Thanks again to everyone who has helped with all the translations of RMD as well as bug reports!
Version 1.2.4 of the Remember Mismatched Domains extension for Firefox, Thunderbird and Seamonkey fixes a couple of parsing errors in the French language version and also includes a fix for the issue with the options window being cut off. As well, Alexander L. Slovesnik has provided a Russian translation.
Thanks to everyone for the bug reports and help with the “drive to localize” RMD.
I’ve just posted an update to the Remember Mismatched Domains extension for Firefox / Thunderbird / Seamonkey. Version is now 1.2.2. This release fixes the mess I made of the Polish language translation. Many thanks to Bartosz Piec who fixed the dtd files for me.
Its been awhile since I did this:
What is Remember Mismatched Domains?
The Remember Mismatched Domains extension for Firefox and Thunderbird adds a “Don’t warn me again about this certificate for this domain’ checkbox to the Domain Mismatch and Expired Certificate warning windows. When selected the domain name and security certificate domain pair (or certificate and expiration date pair) is stored in a Firefox / Thunderbird preference and the security error dialogue will be bypassed on subsequent visits.
How do I install the extension?
If you want to install the extension in Thunderbird, you have to follow these steps:
1. In your default browser, right-click on the download link. Choose the “Save link to disk…” option and download the XPI install file into a directory of your choosing.
2. Open Mozilla Thunderbird and open the ‘Extensions’ dialog by going to the ‘Tools’ -> ‘Extensions’ menu.
3. On the Extension dialog, there’s a button named ‘Install’ in the lower left corner. Click on it and browse to the directory where you saved the remember-mismatch.xpi.
4. Choose the file you downloaded earlier on and click ‘OK’.
Firefox users left click on the link.
Localization
The Remember Domain Mismatch Extension has been updated to version 1.2.1. This version adds localization support along with German, Polish and French language translations (thanks to contributions from a few generous RMD users).
More Secure
The other important change for this version is that RMD is now storing fingerprints (SHA1 and MD5) of the security certificate when the mismatch is remembered. This change makes the extension a little more strict in how it remembers a domain mismatch (or expired certificate), thus making things like certificate spoofing a little more difficult.
What This Change Means For You
Not a heck of alot, other than near complete peace of mind. Of course, as we all know, true peace of mind can only really be achieved through actual matching (and un-expired) security certificates.
Unfortunately, for users who have previous versions of RMD installed this update will also mean that you’ll have to accept the mismatch one more time. Now I know what you’re thinking - “all I have to do is re-remember the domain name mismatch and near peace of mind will be mine! How can I do this right now?”.
Here’s what I suggest you do:
- After installing the update and restarting Firefox or Thunderbird, attempt to connect to your previously remembered website or mail server with a mismatched certificate. You’ll be presented with the Domain Name Mismatch dialogue again (boo, hiss…).
- Examine the certificate by selecting ‘View Certificate’ (remember the old days when you did this each time you checked your email?). If you like, you can even note the SHA1 and MD5 fingerprints that RMD will store.
- Once you’re certain that you want to remember this mismatch check the ‘Don’t warn me again’ checkbox and accept the mismatch. Now everytime that website or mail server presents the certificate with those very fingerprints RMD will go back to automatically accepting it on your behalf.
- If you open the options window for RMD you can view the fingerprints for each mismatch entry by making the Certificate Fingerprint columns visible. Do this by clicking the column picker widget (highlighted in red below). Entries that have no fingerprints stored are legacy entries from previous versions of RMD and can be deleted.
Download
Download the Remember Mismatched Domains extension:
https://addons.mozilla.org/extensions/moreinfo.php?id=2131
update one: argh, okay the udpate needs to be accepted by addons.mozilla.org before being made available for download. I’ll post it here for those who just can’t wait.
As always please use the comments section (or email) for any feedback / questions / bugs.
update two: editorial - clarified some awkward wording
–
Note: If you just want to download the Remember Mismatched Domains extension for Firefox / Thunderbird / Seamonkey you can get it here:
https://addons.mozilla.org/extensions/moreinfo.php?id=2131
–
A while back “Morty” dropped me a comment offering to provide German translation for the Remember Mismatched Domains extension. I thought it was a brilliant idea so last weekend I went ahead and added localization support to RMD. That was the easy part.
Over the next week or two I’d like see how many different translations we can collect for the extension. That’s where you come in…
Below you’ll find a list of 19 text label items found in RMD. If you have fluency in a language you’d like to see RMD support please do us all a favour and take a few minutes to note their translations. You’ll see that I’ve categorized the labels according to where they appear in RMD - this should give a good indication of the context in which they are presented. To save me any potential embarrassment, if you could also mention the language of the translation you’re providing I’d be appreciative.
There are a few ways you can submit your translations:
1. Email ‘em to me (that’s my address up there under “contact”)
2. Use the comments section on this post (in the event my blog mangles your translation please don’t panic, simply drop me an email and we’ll get it sorted ;-).
3. I’ve posted the en-US dtd files here. After downloading them, make your changes and email the files back to me.
updated 2006/05/23 RMD has been added to babelzilla.org. Please use that system for submitting translations. Thanks.
Thank you for your help in making RMD better for us all! And don’t forget to leave your name (and url) so I can add you to RMD’s contributors list.
updated 2006/05/23:
We now have the following localizations for RMD:
‘da-DK’, ‘de-DE’, ‘en-US’, ‘es-AR’, ‘es-ES’, ‘fr-FR’, ‘nb-NO’, ‘pl-PL’, ‘pt-BR’, ‘ru-RU’
Extension Properties:
1. Remember Mismatched Domains
2. Adds a ‘don’t ask me again’ option to the Domain Name Mismatch Security Error window.
Menu Item (Thunderbird and Seamonkey):
3. Remember Mismatched Domains Options…
Domain Mismatch Dialogue:
4. Don’t warn me again about this certificate for this domain
Options:
5. Remember Mismatched Domains Options
6. Domain Name Mismatch
7. Server Certificate Expired
8. Remembered Domain Name Pairs
9. Remembered Expired Certficates
10. Website Domain
11. Certificate Domain
12. Expired On
13. Delete
14. OK
15. Cancel
About:
16. About Remember Mismatched Domains
17. version
18. Created By
19. Contributors
The Remember Mismatched Domains extension is now available from addons.mozilla.org. It went live yesterday and is already getting some good feedback. Thanks.
Version 1.1.2 is the latest. You may as well go and grab it from over there:
https://addons.mozilla.org/extensions/moreinfo.php?id=2131
Seamonkey 1.0 users should now be able to join in the Remember Mismatched Domains fun.
It seems that the Firefox / Thunderbird extension manager isn’t built into Seamonkey so I’ve added a “Remember Mismatched Domains Options…” item to the “Tools” menu:
If you’re a Seamonkey user looking to remember mismatched domains you can install version 1.1 of the extension from here. Please add a comment if you find any issues.
To mark yesterdays announcement of Firefox 1.5 I thought I’d release a 1.0 of the Remember Mismatch Domains extension. This version of rmd has no major changes but I did tidy a few things up.
I think this also provides me a good opportunity to suggest that the Mozilla folks include something similar to the functionality that the rmd extension provides in future versions of their tools. As happy as I am to continue supporting rmd it seems obvious to me that not having to continuously accept the domain mismatch warning (expired certificates too) is something users want by default. I haven’t been keeping track of downloads of the extension but Googles for it are consistently at the top of the search referals to this site. I also noticed earlier this week that the bug has been open for nearly two years and the issue has been debated ad nauseam. To me that means the current (default) functionality is broken and should be addressed.
In the meantime, here’s a quick recap of the extension along with install directions:
What is Remember Mismatched Domains?
The Remember Mismatched Domains extension for Firefox and Thunderbird adds a “Don’t warn me again about this certificate for this domain’ checkbox to the Domain Mismatch and Expired Certificate warning windows. When selected the domain name and security certificate domain pair (or certificate and expiration date pair) is stored in a Firefox / Thunderbird preference and the security error dialogue will be bypassed on subsequent visits.
How do I install the extension?
If you want to install the extension in Thunderbird, you have to follow these steps:
1. In your default browser, right-click on the download link. Choose the “Save link to disk…” option and download the XPI install file into a directory of your choosing.
2. Open Mozilla Thunderbird and open the ‘Extensions’ dialog by going to the ‘Tools’ -> ‘Extensions’ menu.
3. On the Extension dialog, there’s a button named ‘Install’ in the lower left corner. Click on it and browse to the directory where you saved the remember-mismatch.xpi.
4. Choose the file you downloaded earlier on and click ‘OK’.
Firefox users left click on the link.
Just uploaded version 0.7 of the Remember Mismatched Domains extension for Firefox and Thunderbird. It fixes an issue where certificates with names that contain a space character were not being remembered correctly.
Now those crazy kids can use any character they want when selecting a common name for their SSL certificate and we’ll still be able to skip past the domain name mismatch warning. Ahh, ain’t life grand?
The xpi is in the usual location, here.
Thunderbird users may find the install instructions in this post useful.
That was easy.
I was recently asked about the possibility of adapting the Remember Mismatched Domains extension to support Thunderbird. Well, it turned out to be a snap. All I had to do was add Thunderbird as a target application in the extension’s install manifest. How cool is that?
What is Remember Mismatched Domains?
The Remember Mismatched Domains extension for Firefox and Thunderbird adds a “Don’t warn me again about this certificate for this domain’ checkbox to the Domain Mismatch warning window. When selected the domain name and security certificate domain pair is stored in a Firefox / Thunderbird preference and the security error dialogue will be bypassed on subsequent visits.
(I explained why I wrote the extension in the original announcement).
How do I install the extension?
If you want to install the extension in Thunderbird, you have to follow these steps:
1. In your default browser, right-click on the download link. Choose the “Save link to disk…” option and download the XPI install file into a directory of your choosing.
2. Open Mozilla Thunderbird and open the ‘Extensions’ dialog by going to the ‘Tools’ -> ‘Extensions’ menu.
3. On the Extension dialog, there’s a button named ‘Install’ in the lower left corner. Click on it and browse to the directory where you saved the remember-mismatch.xpi.
4. Choose the file you downloaded earlier on and click ‘OK’.
Firefox users left click on the link.
It’s a beta and could use some testing in different environments. The comments section would be a good place to let me know of any issues.
Update (Oct. 08, 2005): version 0.6 supports both Thundebird 1.5 Beta 2 and Firefox Beta 2.
Update (Oct. 25, 2005): version 0.7 fixes an issue where certificates with names containing space characters were not being properly “remembered”. My apologies to Emmanuel’s dad for the delay ;-)
Version 0.4 of the Remember Mismatch Domains Extension is now available.
Changes include:
- fixes an odd focus issue where some keyboard events stopped firing after RMD had overridden a domain mismatch.
- added an options menu to view and delete stored domain name pairs via a UI. (Thanks to a suggestion from Scott Selikoff).
- added support for Deer Park Beta 1!
Read the original extension announcment here.
Direct link to the install .
update: Oops post updated to read (and link to) Deer Park Beta rather than Deer Park Alpha.
I’ve whined about this before. Each time I use the web interface to acess my email account Firefox presents a Security Error: Domain Name Mismatch warning. The warning occurs because the secure URL I connect to is within my andrewlucking.com domain while the security certificate is issued to Dreamhost, my hosting provider.
Now, technically Firefox is entirely correct in advising me of the issue. What irks me is that I have no way of storing the fact that I am aware of the mismatch and no longer need my browser to bring it to my attention each time I check my mail. Obviously the ideal way to avoid the warning is to correct the problem that is being identified - obtain a SSL certificate for my webmail domain. Realistically though the expense involved does not make it practical. So, after searching for a quick fix and reading through some mildly entertaining flame wars I did what one does in this day and age of the extensible web browser: I built a Firefox extension.
The Remember Mismatched Domains extension for Firefox adds a “Don’t warn me about this certificate for this domain again’ checkbox to the Domain Mismatch warning window. When selected the domain name and security certificate domain pair is stored in a Firefox preference and the security error dialogue will be bypassed on subsequent visits.
Before trying out this extension I would recommend you read the discussion of a similar entry in the Thunderbird bugzilla database:
https://bugzilla.mozilla.org/show_bug.cgi?id=228684
In particular this entry from Nelson Bolyard struck me as particularly insightful.
The 0.1 beta version of Remember Mismatched Domains can be installed from here:
remember-mismatch.xpi
It’s a beta and could use some testing in different environments. The comments section would be a good place to let me know of any issues or drop me an email.
update: just uploaded version 0.4. Details on the changes here.
update: Now at version 0.5. Which adds support for Thunderbird. Details here.
