1853171 - Wrong error message for OCSP error when using proxy with authentication

Status: UNCONFIRMED

(Core :: Networking: Proxy, defect, P2)

Description

[Heiko]

Steps to reproduce:

1. Set a web proxy that requires an authentication.
2. Access a page that provides an OCSP url without having an server that answers correctly.

---

Firefox used: FF ESR 115.2.0
Proxy supported protocols: HTTP, HTTPS
Proxy authentication: NTLM

Actual results:

FF shows an generic error message to the users and dev tools console shows an 407 error for the connection.

Expected results:

FF shows an OCSP error to the user without 407 error in the dev tools console.

Comment 1

[Heiko]

Attachment: website_ocsperr_NoProxyAuth.png

Comment 2

[Heiko]

Attachment: website_ocsperr_NoProxyAuth.txt

Comment 3

[Heiko]

Attachment: website_ocsperr_ProxyAuth.png

Comment 4

[Heiko]

Attachment: website_ocsperr_ProxyAuth.txt

Comment 5

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 6

[BMO Automation]

Moving bug to Core/Networking: Proxy.

Comment 7

[BMO Automation]

Moving bug to Core/Networking: Proxy

Comment 8

[Valentin Gosu [:valentin] (he/him) {{ FYI: OOO 14 June - 4 August }}]

Hi Heiko,

Are you still seeing this issue?
Is the problem that the Proxy authentication fails, or that we show the OCSP error when that happens?

Comment 9

[Heiko]

Hi Valentin,
I can't verify if it still occurs, but I think it still exists. Verifying would be complicated (find test page with broken ocsp server; change gpos temporary).

The problem is that the error message is not detailed enough when the proxy requires authentication.
First set the about.config preference that "requires OCSP checks to be success" to true. When you then open a page that promote a OCSP server address and this server isn't working correctly, Firefox should show the error "SEC_ERROR_OCSP_SERVER_ERROR". This error message is shown as long your web proxy doesn't require an authentication. So far so good.
But if your web proxy requires an authentication then the error message shows the general error "Error: Secured connection has failed" WITHOUT ANY ERROR CODE and the developer console shows the error message "407 Authentication Required".

You can compare the screenshots in the attachment list.

I hope the problem is now more clear to you.

Comment 10

[Heiko]

(In reply to Heiko from comment #9)

Hi Valentin,
I can't verify if it still occurs, but I think it still exists. Verifying would be complicated (find test page with broken ocsp server; change gpos temporary).

The problem is that the error message is not detailed enough when the proxy requires authentication.
First set the about.config preference that "requires OCSP checks to be success" to true. When you then open a page that promote a OCSP server address and this server isn't working correctly, Firefox should show the error "SEC_ERROR_OCSP_SERVER_ERROR". This error message is shown as long your web proxy doesn't require an authentication. So far so good.
But if your web proxy requires an authentication then the error message shows the general error "Error: Secured connection has failed" WITHOUT ANY ERROR CODE and the developer console shows the error message "407 Authentication Required".

You can compare the screenshots in the attachment list.

I hope the problem is now more clear to you.

And I should mention that this happens for web pages that are accessible through the proxy. Local Intranet sites are not affected.

Comment 11

[Valentin Gosu [:valentin] (he/him) {{ FYI: OOO 14 June - 4 August }}]

But if your web proxy requires an authentication then the error message shows the general error "Error: Secured connection has failed" WITHOUT ANY ERROR CODE and the developer console shows the error message "407 Authentication Required".

Thank you for the clarification.