OK. This message appeared when I tried to log in:

_______________________________________
Secure Connection Failed

investorcentre.linkmarketservices.com.au uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

    * This could be a problem with the server's configuration, or it could be someone
       trying to impersonate the server.

    * If you have connected to this server successfully in the past, the error may be
       temporary, and you can try again later.

          Or you can add an exception…
_______________________________________

So I continued:

_______________________________________
You should not continue if you are using an internet connection that you do not trust
 completely or if you are not used to seeing a warning for this server.

[Continue...]
_______________________________________

It would be really peachy-keen if we could do something like IE6 SP1 which automatically :O invites us to (in this case) install the certificate which will ensure it will be recognised the next time .

Now, I have found the Tools>Privacy>View Data>View Certificates, but installing a new one is not intuitive -- it brings up a file open dialogue, but I have no idea where I should look for the certificate in question.

What do I do next?

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]

Read here:

http://kmeleonbrowser.org/forum/read.php?1,116631,116854#msg-116854

You can try with altered chrome.

Hi guenter -

Ummmm... I read it, several times. Please bear with my lack of uptake. I think I see what's meant to happen, but honestly, all my programming skills evaporated 3 decades ago. I think I have to drop netError.xhtml into "C:\Program Files\K-Meleon\defaults\profile\macros". Is this correct?

BTW, this is a multi-user machine, admin and 4 users.

I do understand that a very few people are contributing much of their spare time to make a good browser even better. Keep up the good work, because it's very necessary.

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]

Quote
gordon451

I think I have to drop netError.xhtml into "C:\Program Files\K-Meleon\defaults\profile\macros". Is this correct?

BTW, this is a multi-user machine, admin and 4 users.

Hi gordon451,

no. netError.xhtml is in ./chrome/embed.jar (embed.jar = zipped archive. It contains a subfolder called global, wehere the file is located).

disrupted posted a link to an altered chrome/embed.jar file that is supposed to improve on our current problems with invalid certificates.

http://kmext.sourceforge.net/tests/embed-certerrorfixes.7z

The archive contains a replacement for embed.jar where certError.xhtml and some other files are altered. It may help - but deadlock posted that there are still issues on some other pages with certificate problems.

Download, extract and drop the file to ./k-meleon1.6beta2/chrome/embed.jar

Create a backup of the original embed.jar which You are replacing!

Hope it works for Your problem page.


What can You do if the fix does not work on You page?

This type of exception handling worked until K-Meleon 1.5.4. It is broken in 1.6.

You can create a permanent exception with 1.5.4 in Your profile if You use the same profile with K-Meleon 1.6.

Provided the page is no page that uses new styles that only 1.6 can cope with.

Else I am also out of ideas what to do.

Hi guenter -

OK, I've replaced embed.jar.

1) is there supposed to be a new manifest to go with it?

2) it has screwed up the error alert layout: the message is there, but the nice box is gone. It does have the alert icon though. CSS?

disrupted posted his "embed-certerrorfixes.7z" on or before June 6, but he also posted "netError.xhtml" on about June 8. I assume netError is probably later than the one in embed.jar. These .jar files do not appear to be compressed in any way: it looks as though I can simply replace the June 6 version of netError with the June 8 version? Problem: UTF=8 encoding? Or are we less fussy?

edit: Curses!!!! It is compressed!!!! :mad: end edit.

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]



Edited 1 time(s). Last edit at 06/17/2011 02:39AM by gordon451.

Quote
gordon451
Hi guenter -

OK, I've replaced embed.jar.

1) is there supposed to be a new manifest to go with it?

2) it has screwed up the error alert layout: the message is there, but the nice box is gone. It does have the alert icon though. CSS?

disrupted posted his "embed-certerrorfixes.7z" on or before June 6, but he also posted "netError.xhtml" on about June 8. I assume netError is probably later than the one in embed.jar. These .jar files do not appear to be compressed in any way: it looks as though I can simply replace the June 6 version of netError with the June 8 version? Problem: UTF=8 encoding? Or are we less fussy?

edit: Curses!!!! It is compressed!!!! :mad: end edit.

1.) It will reuse the old manifest. The manifest stay the same unless You want to fix something in the manifest.

2.) CSS or other code change. Does the button add an exception when clicked?
Else the new jar does not cover all needed changes.

3.) embed.jar is saved as zip file (some programs like 7.zip can save it with the extension jar / other save it as zip and You rename the extension to jar manually). It does not matter whether You use normal comression. So You can also compress. It is only that it uses some extra RAM when You deflate it during loading. I personally prefer compressed jars since I think reading a small file and deflating in RAM is faster than reading the uncompressed big file.

It is UTF=8 encoding. And Yes it is fussy and breaks when it is encoded differently. But a good compression program does not break it.

4.) You can replace it inside the jar. But I guess disrupted has used the latest version.



Edited 1 time(s). Last edit at 06/17/2011 08:00AM by guenter.

Quote
guenter
2.) CSS or other code change. Does the button add an exception when clicked?
Else the new jar does not cover all needed changes.

Yes, the exception is there.

Unfortunately, when a slow DSLAM generated a File Not Found, the K-M site now has the alert favicon associated with it instead of the gecko. This persists after a browser restart. The good news is that this did not happen when looking at the investorcentre.linkmarketservices.com.au site with the crook security certificate, it still has the default gecko favicon.

I won't bother trying to replace anything, as I only have NotePad. This can do UTF-8, but it's fiddly and the lack of line-break formatting is a huge distraction. I did try jedit, but that is fearsomely complicated. I'll let people who know far more than me do the heavy lifting

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]

I just added Certificate Manager to netError.xhtml.
It can add exceptions and import certificates.

chrome://pippki/content/certManager.xul

Quote
gordon451

I won't bother trying to replace anything, as I only have NotePad. This can do UTF-8, but it's fiddly and the lack of line-break formatting is a huge distraction. I did try jedit, but that is fearsomely complicated. I'll let people who know far more than me do the heavy lifting

Notepad++ and pspad are good for coding UTF-8. AFAIK Windows Notepad is no good.

Best wait till this is fixed by the PPL that know more than us.

@deadlock can You post the changed embed.jar at the dhost.info server.
If You lost the password I can post it.

Quote
gordon451
2) it has screwed up the error alert layout: the message is there, but the nice box is gone. It does have the alert icon though. CSS?
...
edit: Curses!!!! It is compressed!!!! :mad: end edit.

Keep your old CSS and the box will stay.
The replaced favicon removes the modal popup.

Default K-Meleon JAR files are renamed ZIP files without compression,
but KM would accept normal compression.
The paths in the archive must be identical.

Quote
guenter
@can You post the changed embed.jar at the dhost.info server.

@Guenter
Certificate Manager should open from url bar.
You can enter any site's address in 'Add Exception ...'
and use 'Get Certificate' and 'View Certificate' from there.

New working buttons in netError.xhtml need Beta 3.



Edited 1 time(s). Last edit at 06/17/2011 07:24PM by deadlock.

Thanks deadlock for fixing so much!
Have no clue of all that, but that's some more steps forwards towards finally an 'officially stable' KM1.6, so direly needed.

Quote
gordon451
I won't bother trying to replace anything, as I only have NotePad. This can do UTF-8, but it's fiddly and the lack of line-break formatting is a huge distraction.

Sure kinda bothersome, but are you really sure it has no line-breaking...? I know it gets disabled at each start again, but guess there is a menu and (optional?) button to enable it again. Hmm, or perhaps you just mean some special formatting signs...



Edited 1 time(s). Last edit at 06/17/2011 07:12PM by siria.

@siria
disrupted found this perfect fix,
that does NOT depend on a new KM.exe.

Did gordon451 try to edit the binary file embed.jar with a text-editor?

G'day all -

Quote
deadlock
Did gordon451 try to edit the binary file embed.jar with a text-editor?

Ummm... No. I'm lazy, and given that UTF-8 is needed, it was just too difficult

How would I keep my old CSS? I thought that would be handled in the embed.jar?

Quote
siria
but are you really sure it has no line-breaking...?

Well, perhaps I didn't explain it clearly/correctly. Even when Format>Word wrap is turned on, the standard chr(13) + chr(10) line break line feed formatting is ignored. The same file in EditPad formats "properly". Alas, EditPad Classic does not have UTF-8

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]

Quote
gordon451
Ummm... No. I'm lazy, and given that UTF-8 is needed, it was just too difficult

How would I keep my old CSS? I thought that would be handled in the embed.jar?

@Gordon
I did not read all comments before.

Information:
Thou shall not edit jar files with a text editor.
Thou shall not edit zip files with a text editor.
en.wikipedia.org/wiki/ZIP_(file_format)

It would be better if you wait. One of us,
may upload a modified embed.jar later this day.

@Gordon

Here is the modified embed.jar with disrupted's base64 favicon.

An (optional) updated embed.manifest is available too.

Only one window opens if secure connection failed.

Dialogs and 'airport pig' are in place.



Edited 1 time(s). Last edit at 06/18/2011 09:33PM by deadlock.

Hi deadlock -

OK, got your embed files, deleted iconcache.dat, all works well now...

BUT, how do I go about editing the necessary certificate? No information about the certificate is given, so I don't know which I should mutilate in Tools>Privacy>View Data>View Certificates. Further, where would I look to import a certificate if the one I need is not in the list? The "Add" button defaults to my download folder, and I'm sure I won't find certificates there!

I am willing to "Add an Exception" -- but it's bit pointless telling the webmaster that "his certificate is unknown" :cool: I do trust the website, but OTOH the lack of a certificate is trying to tell me to be very cautious.

{edit}
Alas! The favicons are still screwing up. I can't quite see a pattern, but they seem to be affecting only the K-M site, and appear to be caused by attempts to use other sites. I have restarted K-M several times, but the favicon replacement is persistent. I have also deleted the iconcache.dat which sometimes works.
{end edit}

{edit}
OK, the favicon seems to follow the tab, across sites.
{end edit}

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]



Edited 2 time(s). Last edit at 06/19/2011 05:47AM by gordon451.

@Gordon
Updated jar again, without visible change.

View Certificate and Certificate Manager buttons on
cert error pages only work in next beta (chrome restrictions).

>the lack of a certificate
Has or hasn't?

If the aim of your request is opening
|https://<bad_cert_server>/<somefile>|
then you can add an exception here:

Tools>Privacy>View Data>View Certificates>Servers>AddException

Enter the address in location and press 'Get Certificate'.

It gets the certificate from the target server and
has to be confirmed with 'permanently store this exception'.
An option to delete selected exceptions will be activated.

New entries are available after restart.

Editing is not available. Export/Import works sometimes. :mad:

Hi deadlock -

Installed the new jar, and many thanks for the instructions! It worked like a charm!

>the lack of a certificate : Hasn't.

I look forward to beta3 :drool:

Ummm... Oh yes: The Address Not Found alert:

Quote
gordon451
{edit}
OK, the favicon seems to follow the tab, across sites.
{end edit}

No it doesn't. It seems definitely to attach itself to the KM website, regardless of which site wasn't found.

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]

Quote
gordon451
No it doesn't. It seems definitely to attach itself to the KM website, regardless of which site wasn't found.
Gordon.

You can turn off browser.chrome.favicons in about:config.

Or fix the source: FavIconList.cpp

Quote
deadlock
Or fix the source: FavIconList.cpp

Ummm... No I'll let someone who knows what's what do it.

Gordon.

____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]