Closed Bug 106865 Opened 22 years ago Closed 21 years ago

Blank page instead of SSL error dialog visiting https server

Categories

(Core Graveyard :: Security: UI, defect, P2)

1.0 Branch
defect

Tracking

(Not tracked)

VERIFIED FIXED
psm2.4

People

(Reporter: nelson, Assigned: KaiE)

References

()

Details

Attachments

(4 files, 3 obsolete files)

I'm running N6.x BuildID: 2001091703
I'm attempting to reproduce a problem reported by a user with an older
version of Mozilla.  I should be getting SSL error dialogs, (like the ones
he reported) but instead I'm getting the infamous blank page, whose 
contents are:
           <html><body></body?</html>

That blank page phenomenon is EVIL!

Here's how I reproduced it.
1. Visit http://ca.in-berlin.de/cgi-bin/rootca and download the root CA
cert, but do not check any of the trust check boxes.
2. Visit http://ca.in-berlin.de/cgi-bin/serverca and download the 
intermediate CA cert, but do not check any of the trust check boxes.3. Visit
https://me.in-berlin.de/ or https://me.in-berlin.de/asdfkjh

You should get an error message about an untrusted CA cert.
Instead, I get a blank page.

4. Then use the Certificate Manager and edit the trust flags for the 
root CA,  trusting it to issue SSL server certs.  
5. Visit https://me.in-berlin.de/ or https://me.in-berlin.de/asdfkjh

You should get an error message about some other problem with the CA cert.
Instead, I get a blank page.
I think that
A) we should never see blank pages when there are SSL problems, and 
b) if we ever DO get this page, IT SHOULD NOT BE BLANK.

I propose that the page be changed to something like this:

   <html><body>If you can see this, PSM needs more work.</body?</html>
This was taken care of by the fix to bug 97997


*** This bug has been marked as a duplicate of 97997 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Priority: -- → P2
Resolution: --- → DUPLICATE
Target Milestone: --- → 2.2
Verified dupe.
Status: RESOLVED → VERIFIED
I've got news for ya.
I downloaded the 10-22 build from sweetlou, which identifies itself as
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 
(note it says 10-19)
And I get the same blank pages from it.
So this bug is NOT fixed.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Here is an update.  I see that what's actually happening is that no new page
is being loaded at all.  It's not a new blank page being loaded.  Whatever
page was being shown before is left showing.  
So, with this bugzilla page in my window, I visit the URL cited above,
and when the throbber stops, it says "document done", and no error dialogs
appeared, but I'm still looking at the same mozilla bug page.
With the 10/26 Win98 trunk build, I get "You cannot connect because of an 
unknown SSL error (-8101)"
Using nelsonb's TLS tests, I get:
/u/junruh/tls >./tstclnt -h me.in-berlin.de -d . < stdin.txt
tstclnt: connecting to me.in-berlin.de:443 (address=213.61.118.14)
tstclnt: connect: Operation is still in progress (probably a non-blocking 
connect).
tstclnt: about to call PR_Poll for connect completion!
tstclnt: PR_Poll returned 0x02 for socket out_flags.
tstclnt: ready...
tstclnt: about to call PR_Poll !
tstclnt: PR_Poll returned!
tstclnt: PR_Poll returned 0x01 for stdin out_flags.
tstclnt: stdin read 16 bytes
tstclnt: Writing 16 bytes to server
tstclnt: about to call PR_Poll on writable socket !
tstclnt: PR_Poll returned with writable socket !
tstclnt: about to call PR_Poll on writable socket !
tstclnt: PR_Poll returned with writable socket !
tstclnt: write to SSL socket failed: Certificate type not approved for 
application.
How 'bout a dialog box saying that in PSM?
Confirmed for 2001110703 on Win98SE.

This bug is very annoying (severity should be major) because no https site can
be browsed.
rangan
Assignee: ssaux → rangansen
Status: REOPENED → NEW
Status: NEW → ASSIGNED
Something darn similar to this is happening in release 0.9.6, though it did not
happen in 0.9.5, on Linux.  With the 095 release, I was able to do my secure
banking and shopping with no problem at all.  With 096, hitting https:// pages
do nothing at all, or load a blank page if they were to open a new window
(either by javascript or by hitting the middle mouse button).  I reported it as
bug #111323, which will likely be marked a duplicate of this one.
This bug is really annoying. In fact, it's a "showstop" bug for any HTTPS user.

Please, update the "severity" field to reflect this important fact.

Mozilla is my only browser since last summer. Excellent work, guys.

Merry Christmas and happy 2002.
Blocks: 126944
Works for me. I cannot reproduce, and also haven't seen a blank page for a long 
time now.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago21 years ago
Resolution: --- → WORKSFORME
Verified works for me.
Status: RESOLVED → VERIFIED
I got some bad news for you guys, this bug is still in 0.9.9, and it's still as 
much of a showstopper. Except now I have a test case.
It involves a bad SSL server configuration, but nonetheless mozilla should 
report an error, not a blank page .

See the attached cert and key databases.
They are for the server. Run selfserver from NSS the following way :

(strange)/u/jpierre/nss/34/mozilla/dist/SunOS5.8_DBG.OBJ/bin{72} !68
./selfserv -n Server-Cert -p 2000 -m -r -r -w enterprise

Then connect with Mozilla to the machine, in this case https://strange:2000 .

Then, mozilla will display the infamous blank page !

Meanwhile, selfserv will also report an error below :
selfserv: HDX PR_Read returned error -12199:
No certificate authority is trusted for SSL client authentication.

This is normal and is expected for this invalid SSL server configuration. But 
mozilla must deal with it. This is a showstopper.

Reproduced, reopening
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
You may want to take a look at 
http://bugzilla.mozilla.org/show_bug.cgi?id=134125
for other investigations about what led me to create this testcase .

Apparently the client side just gets an "end of file" right away from the 
misconfigured server, there is no SSL error reported. So there may also be a 
libssl bug at stake here.

Even if there is no SSL error reportd, mozilla should still report a problem 
with the site if it submits an HTTPS request and gets nothing back from the 
server. I discussed the HTTP/HTTPS aspects of this in another very similar bug, 
http://bugzilla.mozilla.org/show_bug.cgi?id=126944 .

OS: Windows NT → All
Hardware: PC → All
kai
Assignee: rangansen → kaie
Status: REOPENED → NEW
Target Milestone: 2.2 → Future
This problem seems related to "proxy" usage and SSL2+SSL3+TLS support. If you
have a proxy, TLS support and the remote server doesn´t support TLS but SSL3,
you see the problem. I haven't bug IDs at hand, but the problem seems reported
also in this context. Search the bugzilla database.

Since I can only navigate thru a proxy (squid), this is a showstop for me and a
big NO-NO for a inminent 1.0 release.
I believe that this bug and bug 126944 are duplicates.  I'll leave it 
to the assignee to decide which one to mark as a dup.

I believe that neither bug has anything to do with proxy handling.

This bug and bug 126944 appear to have the same cause, namely, 
a flaw in the logic that attempts to decide whether a given error 
should be displayed to the user by PSM or not.  Esentially, the 
error is that the code only displays errors for error codes that 
begin with SSL_, not ones that begin with PR_ or SEC_.  

The explanation for this bug is given in 
http://bugzilla.mozilla.org/show_bug.cgi?id=126944#c6
I have seen a similar problem.
The feature I realized is that https://
pages work only if disk cache is enabled.
If the disk cache size is set to 0 (or left blank)
a https:// page doesn't show up at all.
Really strange.
My comment was wrong.
I meant memory cache instead of disk cache.
Keywords: nsbeta1
Keywords: nsbeta1nsbeta1+
Here's my findings:

- The original problem is no longer reproducable as it has been said already.
Trying steps 1-3 in the original report, I indeed see the error message. After
steps 4-5 the connection works, probably as the server configuration is
meanwhile correct.

- I can reproduce the problem that Julien reports in comment 14, using the
approach he suggested.


However, the symptoms are different. I don't see a blank page any longer.

However, when the failure occurs, no warning is shown at all.
The connection silently fails.
The content currently shown in the browser continues to be shown, and the user
has no idea what happened.
Status: NEW → ASSIGNED
Michael, I can not reproduce your problem. But it sounds different. If you still
can reproduce, please file a separate bug.
Attached patch Patch v1 (obsolete) — Splinter Review
When the connection fails in the given scenario, NSS does not return a specific
failure code. Instead we receive PR_END_OF_FILE_ERROR. Julien, Nelson, do you
think NSS should return a better error code?


Or is it reasonable to always inform the user if a connection to a remote site
fails with this error?

The attached patch will always show an error message to the user, if an attempt
is being made to load a top level document, and the socket transport thread
detects an EOF while expecting to be able to read or write to the socket.

Darin, do you think this makes sense?
If yes, is it ok to Mozilla's error code NS_ERROR_ABORT or should we define a
new one, like NS_ERROR_END_OF_FILE?
NS_ERROR_ABORT is probably too generic for this.  would it be useful to have
necko retry the connection?  if so, then you should map PR_END_OF_FILE_ERROR to
NS_ERROR_NET_RESET.  if 10 unsuccessful attempts go by, necko will finally error
out to docshell with NS_ERROR_NET_RESET, which will cause docshell to put up the
error message saying "the document contains no data."
Would an automatic retry have the chance to retransmit high level application
data, like the user's command to submit an order?

I wonder what happens if a buggy server accepts the order and sends us an EOF.

If you prefer an automatic retry and the same handling as in connection reset,
could we limit the automatic retry on EOF to those situations, where no high
level protocol data has yet been exchanged?
> Would an automatic retry have the chance to retransmit high level application
> data, like the user's command to submit an order?

yes, provided we have not yet read any data to satisfy the transaction.  i.e.,
necko already assumes that if there is no response from the server, then there
was never a complete transaction.  this is actually required given the way
TCP/IP works.  that is, writing may appear to succeed even though the other end
has closed the socket.  you'll only find out that it is closed after you get
done writing and try to read.

> I wonder what happens if a buggy server accepts the order and sends us an EOF.

ooh.. that'd be very bad.

> If you prefer an automatic retry and the same handling as in connection reset,
> could we limit the automatic retry on EOF to those situations, where no high
> level protocol data has yet been exchanged?

there's no way to determine if high level data has been exchanged.  sure, we
could say that we won't do this when issuing a HTTP POST, but what about a HTTP
GET?  it can have side-effects even though the standard says it should not.

when does the EOF occur?  were we able to successfully complete the SSL
handshake?  is it just that the server closed the connection after we issued the
HTTP request?
1) In this particular situation reported within this bug, the SSL handshake will
have failed, and no application data will have been exchanged. I would like to
find a way to report this failure to the user.

2) All we see is an EOF error code. This is a generic error that might occur in
many other situations, like generic networking for other protocols. Currently,
this error code is not specifically handled in necko.

3) When we try to do 1), I would like to avoid introducing new risks for 2),
like the "order submit example" for the http protocol.


I was asking about how Necko behaves, because I want to be careful. I think we
should do 1) without having to care for individual protocols like http.


The question is: Will a general new rule in Necko, that makes it retry on EOF,
have the risk to introduce new risks for 2)?


If there is the risk, I'd prefer to avoid it, and just display an error to the
user immediately.
This whole discussion might be obsolete, if Nelson thinks that NSS should give
us a better error message than just EOF, like SSL_HANDSHAKE_FAILED.

Nelson, what do you think?
The SSL protocol demands that an SSL "close notify alert" record be sent 
before a connection is closed.  If an SSL connection reads an EOF from the 
underlying socket without having already received a "close notify alert",
this is a violation of the SSL protocol.  In this case, the EOF is an
error, a protocol violation, rather than merely being an indication of
the normal end of the server's data stream.  So, libSSl returns -1 with 
PR_END_OF_FILE_ERROR rather than returning zero (EOF) in this case.  
AFAIK, this is the only circumstance under which PR_END_OF_FILE_ERROR
is generated (in libSSL).

So, PR_END_OF_FILE_ERROR means that the remote server (or an attacker) 
closed the connection without properly terminating the SSL protocol.

The application may wish to take a different action than it would for
the normal EOF case when it sees this error.  How the application  deals 
with this error is application dependent.  

Off the top of my head, I might suggest that the application could treat 
this error the same as an ordinary EOF if it has not received any response 
to its https request prior to the receipt of this error, and treat it as a 
security error if some portion of the http response has been received prior 
to the occurance of this error.
On second thought, I think the interpretation of the PR_END_OF_FILE_ERROR
has to depend on whether or not the http request was sent prior to the 
error occurance.  If the request was completely sent before the error 
occurs, then this error has to be regarded as a security violation,
a "truncation attack".  

This invalid-EOF-detection facility in SSL/TLS is there precisely to deal
with situations like the one where the server receives the request, 
honors it, and then the client is disconnected (e.g. by an attacker 
inserting a TCP FIN segment) before the client receive's the server's
response.  In this situation, the user should be notified that the 
connection was terminated in an insecure way, and perhaps the user
should be advised to check to see if the transaction was completed 
before resubmitting the transaction.
Let me summarize:

I conclude that Nelson
- does not think NSS should send us a better error, but PR_END_OF_FILE_ERROR is
sufficient.
- suggests we should NOT automatically retry if there is the chance the remote
site has already received our request.
- implicitly allows us to retry in certain situations, like knowing that we have
not yet sent any application data. (I'm generalizing from the http protocol
situation to a generic application protocol, since we probably don't want to add
http protocol dependent logic to the generic socket transport logic.)

In addition I see there is no other code in Mozilla which sets the
PR_END_OF_FILE_ERROR code, so our new behaviour is not likely to introduce side
effects.


To avoid risks and find a general solution I keep up my suggestion to:
- never retry
- always warn


As a result, we are back at comment 26/27, where I ask whether NS_ERROR_ABORT is
fine, or whether we should introduce a new one.

As Darin thinks the abort error code is too generic, I suggest to introduce a
new error code.

If nobody objects, I will attach a new patch, that is very similar to the
previous patch, but defines and uses the new error code NS_ERROR_END_OF_FILE
(directly defined in xpcom/base/nsError.h since this code sounds to be generic
enough).
1. Yes, I think PR_END_OF_FILE_ERROR is sufficient.  I see no need to create
another new error code (e.g. NS_END_OF_FILE_ERROR) with a 1:1 mapping.

2. The logic that decides whether or not to retry an http request should be the 
same with or without SSL.  It seems to me that the http client should not 
silently reissue the http request if/when it receives EOF __AFTER__ it has
completely sent the request.  

3. PR_END_OF_FILE_ERROR is different from a ZERO return (ordinary end of file)
in that the latter signifies an SSL protocol violation, a potential security 
attack.  I think that never retry & always warn is appropriate for this.
if you don't want the HTTP module to silently retry the request, then mapping
PR_END_OF_FILE_ERROR to NS_ERROR_NET_RESET is wrong.  if you map it to some
error like NS_ERROR_ABORT, then the user will see nothing but a blank page. 
what you probably want to do is map the error to some other error (perhaps
defined in netCore.h) and modify nsWebShell::EndPageLoad to check for that error
and display a message to the user indicating why they are seeing a blank page.
Nelson,

> 1. Yes, I think PR_END_OF_FILE_ERROR is sufficient.  I see no need to create
> another new error code (e.g. NS_END_OF_FILE_ERROR) with a 1:1 mapping.

My question was only related to what NSS gives out. Thanks, I'll react to that
code then.

The suggested 1:1 mapping to a new NS_END_OF_FILE_ERROR code has a different
reason: In Mozilla, the error code needs to transported through XPCom
components, which has a different error code namespace, and I can't pass the PR
code through as is, so I would like to introduce that new code.


> 2. The logic that decides whether or not to retry an http request should be the 
> same with or without SSL.  It seems to me that the http client should not 
> silently reissue the http request if/when it receives EOF __AFTER__ it has
> completely sent the request.  

I assume, in this paragraph, when you say EOF, you mean ordinary EOF, i.e. zero
byte return.

Agreed. I would even go one step further and not limit this proposal to HTTP,
but to any protocol.
With the new error code PR_END_OF_FILE_ERROR / NS_END_OF_FILE_ERROR, I think we
already agree to not retry.
However, for error codes PR_CONNECT_ABORTED_ERROR and PR_CONNECT_RESET_ERROR I
think we should move that handling to a separate bug. I would like to leave that
decision to Darin, whether to change the existing behaviour for those error
codes (which is unrelated to this bug).


> 3. PR_END_OF_FILE_ERROR is different from a ZERO return (ordinary end of file)
> in that the latter signifies an SSL protocol violation, a potential security 
> attack.  I think that never retry & always warn is appropriate for this.

Good. I think we all agree here. This is what this bug is about.
Darin,

> if you don't want the HTTP module to silently retry the request, then mapping
> PR_END_OF_FILE_ERROR to NS_ERROR_NET_RESET is wrong.  

Agreed. We don't want that.


> if you map it to some
> error like NS_ERROR_ABORT, then the user will see nothing but a blank page. 

Only because we don't handle that error code currently, but in my patch I
suggest to do so.
However, as you said, NS_ERROR_ABORT is generic, and I suggest to introduce
NS_END_OF_FILE_ERROR, and use that error code instead in my patch. Besides that
change, the patch should still be what we seem to agree on.


> what you probably want to do is map the error to some other error (perhaps
> defined in netCore.h) 

I suggested a global NS_END_OF_FILE_ERROR, but if you prefer a network code
local error code, that's fine with me, too.


> and modify nsWebShell::EndPageLoad to check for that error
> and display a message to the user indicating why they are seeing a blank page.

I believe that is what the attached patch is doing already?
I discussed with Sean Cotter, explaining the problem. He suggested the following
wording (where %S is the hostname). I like the wording.

"The connection to %S has terminated unexpectedly. Some data may have been
transferred."
Attached patch Patch v2 (obsolete) — Splinter Review
This new patch has the following changes:

- uses new XPCom error code NS_ERROR_SOCKET_EOF defined in netCore.h
  (instead of NS_ERROR_ABORT)

- maps PR_END_OF_FILE_ERROR to the new error code, no automatic retry

- extends nsWebShell::EndPageLoad to detect the error and calls an extended
version of nsDocShell::DisplayLoadError which will display the new error
message suggested by Sean


Darin, if you agree, can you please review?
Attachment #95348 - Attachment is obsolete: true
this message:

"The connection to %S has terminated unexpectedly. Some data may have been
transferred."

should almost be the default error message when a document fails to load
completely (not as a result of user action).  i've tried to introduce such a
dialog, but there are unfortunately some cases in which it erroneously fires.
iirc, imagelib terminates some otherwise valid image loads with
NS_ERROR_FAILURE, and javascript: URLs may even signal an error in some cases.

this is why we use a white-list to determine which errors should map to error
dialogs.

in this case, i think you could safely use NS_BASE_STREAM_CLOSED instead of
introducing a new error code.
If I understand you correctly, you want to use that generic code for this
specific situation in this bug, and are willing to accept that as a result, this
message will be shown in many situations, whenever the BASE_STREAM_CLOSED error
appears (at least for the top level document)?

New patch coming up.
Attached patch Patch v3 (obsolete) — Splinter Review
Same patch as v2, using NS_BASE_STREAM_CLOSED instead
Attachment #97228 - Attachment is obsolete: true
Comment on attachment 97234 [details] [diff] [review]
Patch v3

sr=darin
Attachment #97234 - Flags: superreview+
Comment on attachment 97234 [details] [diff] [review]
Patch v3

I should have tested this latest version of the patch, it does not work, and I
have already discussed with Darin. The problem is that we can't really use
NS_BASE_STREAM_CLOSED, as this code is occurring in standard situations and
will be mapped to NS_OK.
Attachment #97234 - Attachment is obsolete: true
I have discussed with Darin, the new error code should be named
NS_ERROR_NET_INTERRUPT.

The following is a summary of what I have discussed with Darin, and what I
believe is true for the PR_END_OF_FILE_ERROR.

This paragraph is actually long, and you might not want to read it completely.
It is rather the result of me trying to sort my thoughts and trying to
understand it better. After having written it, I'm more confident what we are
doing here is correct.



Assumption:
  When writing bytes over TCP/IP, it is not immediately known whether the write
succeeded or not.
  When doing the next read, and the read fails, it is unknown how many bytes
(none, some, all) were received by the remote site.

Desired Mozilla network behaviour (already in place):
  (1)
  If not even a single byte has been received from the remote site, and a read
error is detected, an automatic retry should happen.
  This is currently done when PR_CONNECT_ABORTED_ERROR or PR_CONNECT_RESET_ERROR
is seen (and communicated using NS_ERROR_NET_RESET).

Suggested additional behaviour:
  (2)
  If the application is sure that at least one single byte has already been
received from the remote site, 
    and an unexpected read error is detected, then we don't want to retry.
  This is communicated with the new proposed code NS_ERROR_NET_INTERRUPT.

Nelson said, if PR_END_OF_FILE_ERROR is set, it means the remote site did not
follow the protocol rules.
I assume SSL is a "client writes first" protocol.
There are two possibilites:
a) We have started with sending the initial handshake bytes, but the remote site
did not answer, we did not receive any bytes.
   I assume this is NOT treated as the PR_END_OF_FILE_ERROR case. It probably
does not make sense.
   If we are not yet sure the other site is speaking our protocol, since we have
not yet received any bytes,
     we can't really assume it's a protocol violation.
b) We have not yet exchanged application data, but we are still in the SSL
negotiation phase.
   We have already exchanged at least some SSL handshake bytes, so we are
assuming the remote site speaks SSL,
   and we are negotiating details.
   Once we have arrived in that state, we assume the protocols must be followed.
   If in that situation the remote site terminates the connection, without
having followed the fule to say "good bye",
     the situation is treated as a protocol violation, and PR_END_OF_FILE_ERROR
is reported.
c) We have completely finished the SSL handshake phase.
   We are now in the phase terminating the connection with sending "good bye"
messages first is a protocol violation.
   Therefore, any unexpected connection termination is communicated with
PR_END_OF_FILE_ERROR.


My assumption a) is probably correct. In this case, SSL is not different from
any other network logic.
An automatic retry would be reasonable and can not cause problems.
But even if my assumption were wrong, and PR_END_OF_FILE_ERROR is set anyway,
this isn't much of a problem.
The only consequence is: No automatic retry on initial SSL connection failure.

If PR_END_OF_FILE_ERROR is seen in b) or c), it is reasonable not to retry.
If we don't want to retry, we need to communicate that using NS_ERROR_NET_INTERRUPT.

By setting NS_ERROR_NET_INTERRUPT for both b) and c), the application code can't
distinguish whether application data was exchanged or not.
However, since it is known for sure that at least some bytes were exchanged, a
general connection was possible, and it is known for sure
  the actual transaction has been started. If that is known for sure, it is
reasonable to not automatically retry / repeat the transaction.

Attached patch Patch v4Splinter Review
This patch introduces the new error code as suggested.

Besides that I have made one additional change:

The previous patch only showed the error when the top level frame produced that
error.

However, I think it is reasonable to show that error even if the error occurs
in a sub frame.
This time I have actually tested the patch. It works for me.
Besides Julien's test case, it also fixes another behaviour.
Try to open https://www.mozilla.org:80/
It shows the same wrong behaviour (blank page, or rather, unchanged display,
without error message).
That's another situation this patch fixes.

Darin, are you ok with the numerical error code I assigned? It seems to fit into
the "net range", but that range was already full...
Target Milestone: Future → 2.4
Comment on attachment 97274 [details] [diff] [review]
Patch v4

Since you did not object to my previous comment, carrying forward sr=darin
Attachment #97274 - Flags: superreview+
Rick, could you please review, too?
Comment on attachment 97274 [details] [diff] [review]
Patch v4

a=asa for checkin to 1.2beta (on behalf of drivers)
Attachment #97274 - Flags: approval+
fixed on trunk
This is identical to patch v4 with two differences:
- previous patch did no longer apply because of context changes, fixed
- I did not check in the added PR_LOG statements, to save me some merging
trouble with other patches I'm working on
marking fixed
Status: ASSIGNED → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → FIXED
verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.