Closed Bug 135614 Opened 23 years ago Closed 23 years ago

OCSP Popup: error establishing encrypted connection error code -5985

Categories

(Core Graveyard :: Security: UI, defect, P2)

Other Branch
x86
Windows NT
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 130885
psm2.3

People

(Reporter: holbitlan, Assigned: KaiE)

References

()

Details

Since I installed Mozilla 0.9.9 (Build 2002031104) on WinNT I can't establish an
secure connection to https://www2.postbank-banking.de/

Steps to reproduce:
- enter "http://www2.postbank-banking.de/" in the location bar and press enter
(I'm using a proxy, the error occurs with manual and automatic proxy-configuration)

Expected result:
- warning-popup "You have requested an encrypted page..."
- the page loads

Actual result:
- an Alert-popup: "Error establishing an ancrypted connection to
www2.postbank-banking.de. Error Code: -5985."

With Netscape 4.7x and IE 5.5 (identical proxy-configuration) I have no problems
at all loading and using the given site.

I'm not sure whether this bug relates to Mozilla or PSM...?
I'm sure I used this site with Mozilla 0.9.6 up to 0.9.8 and some nigthlies
short after 0.9.8 without problems.
Do you use squid proxy ?

If yes : dupe of bug 92742

-> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: other → unspecified
Yes, I'm using Squid 2.4 STABLE 3.

BUT!!!

Following differences to bug 92742:
- no problems until Mozilla 0.9.8 and some nigthlies short after (in bug 92742:
already 0.9.4 was affected)
- squid runs on our corporate proxy-server (not locally)
- OS is NT (not Linux)

I don't think this is a dupe of 92742
with Mozilla build 2002020406 (that is 0.9.8) with Win2000 and SQUID 2.4 STABLE 3 
I had no problems accessing https://www2.postbank-banking.de/

I tried also https://banking.advance-bank.de/ with the same result: 
build 2002020406 works, build 2002031104 shows the alert-popup and does nothing.

So, there must have been any change between 0.9.8 and 0.9.9 which caused the bug.

Changed severety to blocker.
Severity: critical → blocker
cc kaie
Priority: -- → P3
-5985 means: Network address type not supported.

Does this make sense?
I don't know why we are getting that error.
Target Milestone: --- → Future
I am also getting Error: -5985

I just started to see this happen with Mozilla 1.0rc1 on the site
https://online.1sttech.com/homebanking/login.html

I was able to use the site previously with 0.9.9 and it works fine with IE 6.

I am inside a firewall that does use Squid as our proxy servers.
I also get the error on https://www2.postbank-banking.de/.  Is anyone doing
anything about this bug?

This seems like a big issue to me.

It is happening for multiple sites for me.  I get this on most sites now.

Though the link: https://www.aracnet.com/cgi-bin/blacklist.cgi works for me
Cool I figured it out.  While reading Bug 12926 I saw the following:

"Reporter, are you using OCSP? Edit>Prefs>Privacy>Validation. If so, try turning 
off OCSP. If that does not work, can you try resetting your Master Password? 
Edit>Prefs>Privacy>Master Passwords>Reset Password."

I had gone through and turned on: "Use OSCP to validate only certificates that
specify an OCSP service URL" after installing 1.0rc1 and that is when my
troubles started.

When I set it to: "Do not use OCSP for certificate validation" then my troubles
went away :)
Thanks for finding this out. I looks like our OCSP handling is either broken, or
handling of ocsp server failures are not handled very well.
This may be a regression if OCSP is broken 
Assignee: ssaux → kaie
Keywords: nsbeta1+, regression
Priority: P3 → P2
Summary: Popup: error establishing encrypted connection error code -5985 → OCSP Popup: error establishing encrypted connection error code -5985
Whiteboard: [adt2] RTM
Target Milestone: Future → 2.3
Interesting effect: After John's mail I upgraded to 1.0rc1 and turned OCSP off.

Result: the sites work again.

Then I turned OCSP back to "Use OSCP to validate only certificates that
specify an OCSP service URL" not exiting Mozilla

Result: the sites I have already visited still work (sometimes I get the
error-popup but afterwards loading continues. I didn't find a scheme for this),
sites I didn't visit after turning OCSP off didn't work.

Then I exited from Mozilla completely (including Quick Launch) and restarted it.

Result: with OCSP the error returned.
Looks like a dupe of bug 130885 - general OCSP failure.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: blocker → normal
I agree it is duplicate. Although the reported error codes are different (this
one: -5985, the other one: -8073), when I try to access the URLs reported in
this bug, I see the error code from the other bug...


*** This bug has been marked as a duplicate of 130885 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Keywords: nsbeta1+, regression
Resolution: --- → DUPLICATE
Whiteboard: [adt2] RTM
Verified dupe.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.