- From: Bert Bos <bert@w3.org>
- Date: Fri, 16 Apr 2010 11:03:39 +0200
- To: www-validator-css@w3.org
When the CSS Validator cannot verify the SSL certificate of a site
(i.e., of a URL starting with https://...), it gives a cryptic error
message:
I/O Error: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
(An example is https://magyarorszag.hu/ which uses a certificate signed
by a Root Certification Authority, Microsec Ltd., that is unknown to
Java. Another is https://www.phonk.net/ which uses a self-signed
certificate.)
I'd like the validator to give a more readable error, e.g.: "The Web
page you are trying to verify may not be secure. The certificate for
the page is signed by a Certificate Authority that is unknown to the
validator. The page has therefore not been validated."
And maybe it is even possible to add: "The validator can continue and
check the style sheets of the Web page anyway, but please verify that
the URL does not contain any sensitive information. (The fact that the
validator cannot verify the identity of a site *may* indicate that an
attacker is intercepting communications with the site, but in most
cases it just means that the validator lacks information about the
organizations that signed the certificate.)"
... with a button to continue the validation in "insecure" mode.
Bert
--
Bert Bos ( W 3 C ) http://www.w3.org/
http://www.w3.org/people/bos W3C/ERCIM
bert@w3.org 2004 Rt des Lucioles / BP 93
+33 (0)4 92 38 76 92 06902 Sophia Antipolis Cedex, France
Received on Friday, 16 April 2010 09:03:30 UTC