Incorrect error message for expired TLS certs

[fmarier]

Description

Sites with an expired TLS cert show a "your clock is ahead".

Also reported on https://community.brave.com/t/expired-server-certificate-handled-as-client-clock-error/253930.

Steps to Reproduce

1. Visit https://expired.badssl.com/

Actual result:

Expected result:

Reproduces how often:

Always

Desktop Brave version:

Brave | 1.26.43 Chromium: 91.0.4472.77 (Official Build) beta (64-bit)
-- | --
Revision | 1cecd5c8a856bc2a5adda436e7b84d8d21b339b6-refs/branch-heads/4472@{#1246}
OS | Linux

Android Device details:

• Install type (ARM, x86): ARM
• Device type (Phone, Tablet, Phablet): Pixel 3a
• Android version: 11

Version/Channel Information:

• Can you reproduce this issue with the current release? YES
• Can you reproduce this issue with the beta channel? YES
• Can you reproduce this issue with the nightly channel? YES

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields? N/A
• Does the issue resolve itself when disabling Brave Rewards? N/A
• Is the issue reproducible on the latest version of Chrome? NO

[gvladas]

same problem

[shrirenjith]

Same issue with multiple sites .

[tewe]

I can reproduce this with Brave 1.25.72 on macOS 11.4.

I think this is wrong, but you could argue that it's user-friendly. In the unlikely case that the clock really is wrong, this message is actionable. An expired certificate only is actionable to developers.

[gvladas]

I can reproduce this with Brave 1.25.72 on macOS 11.4.

I think this is wrong, but you could argue that it's user-friendly. In the unlikely case that the clock really is wrong, this message is actionable. An expired certificate only is actionable to developers.

There is nothing wrong with my clock.

There must be an option Proceed, as on Chrome, to continue with an expired certificate.

[sallyoh]

Same here June 2021: can't get to my own website because "the clock is wrong" but it is correct. Any workaround?

[bbleslie98]

The issue is still present on the Brave version 1.26.67, with Chromium: 91.0.4472.114

[gvladas]

The issue is still present on the Brave version 1.26.67, with Chromium: 91.0.4472.114

and Version 1.26.74 Chromium: 91.0.4472.124 (Official Build) (64-bit)

[diracdeltas]

@sallyoh does your website have a valid TLS cert? (does it work in other browsers?)

we initially thought this was due to an out of date build timestamp, but the timestamp seems right so we need to dig further

[sallyoh]

it does have a valid TLS cert and the site is working now...

[cyrilchristin]

Issue still present for expired TLS certs

Reproduced via https://expired.badssl.com/ on Version 1.26.74 Chromium: 91.0.4472.124 (Official Build) (64-bit) (Windows 10)

• Clock time is valid & synced
• Issue not present on Chrome Version 91.0.4472.124 (Official Build) (64-bit) (Windows 10)

Extra Point: I think that such a situation where there is absolutely no way to bypass an error should be avoided. There should be some way to bypass such errors, even if it takes multiple (advanced) steps to do so (eg. flag to enable & typing thisisabadidea). Such situations are rendering the browser unusable and forcing the user to switch browsers

[jms1voalte]

Still present, Version 1.26.74 Chromium: 91.0.4472.124 (Official Build) (x86_64) on macOS 11.3.

[cyrilchristin]

Issue still present on latest nightly build
Version 1.28.70 Chromium: 92.0.4515.81 (Official Build) nightly (64-bit) (Windows 7)

[alexandrevicenzi]

Same issue on openSUSE 15.3

[iefremov]

fwiw for me it works fine in current beta, but not in nightly/stable

Brave	1.27.100 Chromium: 91.0.4472.124 (Official Build) beta (x86_64)

[cyrilchristin]

Issue still present in current beta in my latest tests:

Build	Version	Status
Official	1.26.74 Chromium: 91.0.4472.124 (Official Build) (64-bit) (Windows 7)	Clock error
Beta	1.27.102 Chromium: 91.0.4472.124 (Official Build) beta (64-bit) (Windows 7)	Clock error
Nightly	1.28.77 Chromium: 92.0.4515.93 (Official Build) nightly (64-bit) (Windows 7)	Clock error

[cdmichaelb]

Still an issue on:
Version 1.26.77 Chromium: 91.0.4472.164 (Official Build) (64-bit)

[cyrilchristin]

Issue still present in builds:

Build	Version	Status
Official	1.26.77 Chromium: 91.0.4472.164 (Official Build) (64-bit) (Windows 7)	Clock error
Beta	1.28.83 Chromium: 92.0.4515.93 (Official Build) beta (64-bit) (Windows 7)	Clock error
Nightly	1.29.3 Chromium: 92.0.4515.101 (Official Build) nightly (64-bit) (Windows 7)	Clock error

[APB9785]

Just encountered this issue in the wild
Version 1.26.77 Chromium: 91.0.4472.164 (Official Build) (x86_64)
macOS 10.14.6

[iefremov]

thanks for the reports, we are looking into this.

[iefremov]

The problem is caused by some discrepancies in how "precise" network time is determined in the browser. We are figuring out a fix

[dutchkillscreative]

Is it possible to include a hotfix to allow a user to proceed through the advanced menu like other certificate issues?

[diracdeltas]

@dutchkillscreative if there's no button to proceed in the advanced menu, you could try typing thisisunsafe (option 2 in https://www.technipages.com/google-chrome-bypass-your-connection-is-not-private-message)

[iefremov]

Should be fixed now.

[bbleslie98]

Should be fixed now.

It works for me in the latest official release, great news! Thank you!
(Version: 1.27.108 Chromium: 92.0.4515.107)

[iefremov]

Fixed with https://github.com/brave/devops/pull/5518

[stephendonner]

Verified PASSED using

Brave	1.29.30 Chromium: 92.0.4515.115 (Official Build) nightly (x86_64)
Revision	48cb2f4029b84b003719740a6cf9ca73f374a857-refs/branch-heads/4515_105@{#4}
OS	macOS Version 11.5.1 (Build 20G80)

Steps:

1. new profile
2. launched Brave
3. loaded https://expired.badssl.com/ and confirmed I got the same experience as in the Expected Results
4. confirmed clicking on Advanced and then Proceed to expired.badssl.com let me through to https://expired.badssl.com/

example	example	example

---

Verification passed on

Brave	1.29.60 Chromium: 92.0.4515.131 (Official Build) beta (64-bit)
Revision	6b8d6c56ce21e38a72f7c4becb5abc1fa5134f29-refs/branch-heads/4515@{#1933}
OS	Ubuntu 18.04 LTS

dark mode:

light mode:

---

Verification passed on

Brave | 1.29.60 Chromium: 92.0.4515.131 (Official Build) beta (64-bit)
-- | --
Revision | 6b8d6c56ce21e38a72f7c4becb5abc1fa5134f29-refs/branch-heads/4515@{#1933}
OS | Windows 10 OS Version 2009 (Build 19043.1165)

1. loaded https://expired.badssl.com/ and confirmed I got the same experience as in the Expected Results
2. confirmed clicking on Advanced and then Proceed to expired.badssl.com let me through to https://expired.badssl.com/
3. verified light and dark mode

example	example	example

[srirambv]

Verification passed on Oppo Reno 5 with Android 11 running 1.29.51 x64 Beta build

• Verified interstitial page shows connection is not private message
• Verified proceed to page loads the page correctly

---

Verification passed on Oppo Reno 5 with Android 11 running 1.29.51 x64 Beta build

• Verified interstitial page shows connection is not private message
• Verified proceed to page loads the page correctly

[jryagersr]

Stilll getting this on Brave [Version 1.37.113 Chromium: 100.0.4896.88 (Official Build) (x86_64)]

OSX El Capitan Version 10.11.6 (15G22010) (latest update for machine)

Loading this URL

https://community.brave.com/t/computers-date-and-time-are-incorrect-error/261672

Edit: Had to use Firefox to load this page

[fmarier]

@jryagersr Those are very old (and unsupported) versions of both OSX and Brave. I would not expect websites to continue to work since TLS (and security in general) have continued to evolve since 2018 when that version of OSX was last updated by Apple.

[jryagersr]

Unfortunately, the latest allowed on this machine.