Closed
Bug 203057
Opened 21 years ago
Closed 21 years ago
SSL Web site not displayed (using Proxy + NTLM)
Categories
(Core :: Networking: HTTP, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.4beta
People
(Reporter: stuart_nock, Assigned: darin.moz)
References
()
Details
(Keywords: topembed, Whiteboard: [NTLM])
Attachments
(1 file)
|
2.56 KB,
patch
|
dougt
:
review+
bzbarsky
:
superreview+
sspitzer
:
approval1.4b+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030423 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030423 I am a new mozilla user. When connecting to any secure (https) web site via a proxy server I get prompted for my proxy account and then nothing further happens, the displayed page does not change and the status is reported as done. I have seen this work fine when connected directly to the internet. Reproducible: Always Steps to Reproduce: 1.start mozilla 2.Enter https://sourceforge.net 3. Actual Results: As described in details - prompt for proxy then nothing Expected Results: Display the secure web site
|
||
Comment 1•21 years ago
|
||
are you using a proxy which require NTLM ? What proxy is this (does it require a login/pass) ?
|
||
Comment 2•21 years ago
|
||
not security -> Networking Do you have the proxy in your Mozilla proxy settings (SSL Proxy) ? Does this proxy work with other browsers ?
Assignee: mstoltz → darin
Component: Security: CAPS → Networking
QA Contact: carosendahl → benc
|
Reporter | |
Comment 3•21 years ago
|
||
Oliver My proxy requires NTLM - it is MS proxy 2.0 and requires a domain/user login Matti SSL proxy is configured, and the same settings work fine in IE
|
|
||
Comment 4•21 years ago
|
||
*** This bug has been marked as a duplicate of 35159 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 5•21 years ago
|
||
imho, this is not a dupe but this is a rather serious issue, perhaps similar to bug 201054. Darin ?
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
|
|
||
Comment 6•21 years ago
|
||
Marking NEW.
Status: UNCONFIRMED → NEW
Component: Networking → Networking: HTTP
Ever confirmed: true
QA Contact: benc → httpqa
Summary: Secure Web site not displayed → SSL Web site not displayed (using Proxy + NTLM)
Whiteboard: [NTLM]
On our site we're seeing the same/a similar problem; although NTLM over http: works a treat (internally and through our proxy), https: fails. If I try to access a secure site on the main Internet through our proxy (Squid) using the Win32 1.4a-release (on Win2000), squid returns the 'you must authenticate yourself' error page (note: not the invalid password/auth) *even though* moz has asked for the username/password for the proxy [and this has been typed correctly. I'd like to request upping the severity of this, as it makes 1.4a unusable - we've had to regress to 1.3. Further note: the Squid [linux] proxy is configured to offer Basic auth as well (which of course is what 1.3 picks up) after NTLM, but moz (correctly?) doesn't fall back to it.
|
|
||
Comment 8•21 years ago
|
||
Neil, please use a nightly build as 1.4a didn't have the fix for bug 201054. Can one of you seeing the issue post a log ? Instructions: set NSPR_LOG_MODULES=nsHttp:5 set NSPR_LOG_FILE=c:\mozhttp.log mozilla.exe
|
|
Reporter | |
Comment 9•21 years ago
|
||
Oliver, Below is a log as requested - initally I connect to a local web page that required authentication and then via the proxy server to https://sourceforge.net 0[2340a0]: Creating nsHttpHandler [this=235fb0]. 0[2340a0]: nsHttpHandler::Init 0[2340a0]: nsHttpHandler::PrefsChanged [pref=(null)] 0[2340a0]: nsHttpAuthCache::Init 0[2340a0]: Creating nsHttpConnectionMgr @1257190 0[2340a0]: nsHttpConnectionMgr::Init 0[2340a0]: nsHttpHandler::StartPruneDeadConnectionsTimer 0[2340a0]: nsHttpHandler::BuildUserAgent 0[2340a0]: nsHttpHandler::Observe [topic="profile-change-net-teardown")] 0[2340a0]: nsHttpHandler::StopPruneDeadConnectionsTimer 0[2340a0]: nsHttpAuthCache::ClearAll 0[2340a0]: nsHttpConnectionMgr::Shutdown 1764[1205760]: nsHttpConnectionMgr::OnMsgShutdown 0[2340a0]: nsHttpHandler::Observe [topic="xpcom-shutdown")] 0[2340a0]: nsHttpHandler::StopPruneDeadConnectionsTimer 0[2340a0]: nsHttpAuthCache::ClearAll 0[2340a0]: nsHttpConnectionMgr::Shutdown 0[2340a0]: Deleting nsHttpHandler [this=235fb0] 0[2340a0]: nsHttpConnectionMgr::Shutdown 0[2340a0]: Destroying nsHttpConnectionMgr @1257190
|
||
Comment 10•21 years ago
|
||
I'm afraid it's even worse ("latest" trunk build 23-APR). Starting with the
original problem, it's still there: if I start moz (command line) with an https
site, I get the usual password prompt, then a blank page.
Bashing return on the URL bar to resubmit the page then gives me the
cache-denied (no auth) Squid error:
0[232b18]: Creating nsHttpHandler [this=de8070].
0[232b18]: nsHttpHandler::Init
0[232b18]: nsHttpHandler::PrefsChanged [pref=(null)]
0[232b18]: nsHttpAuthCache::Init
0[232b18]: Creating nsHttpConnectionMgr @e5fcc0
0[232b18]: nsHttpConnectionMgr::Init
0[232b18]: nsHttpHandler::StartPruneDeadConnectionsTimer
0[232b18]: nsHttpHandler::BuildUserAgent
0[232b18]: nsHttpHandler::Observe [topic="profile-change-net-teardown")]
0[232b18]: nsHttpHandler::StopPruneDeadConnectionsTimer
0[232b18]: nsHttpAuthCache::ClearAll
0[232b18]: nsHttpConnectionMgr::Shutdown
2472[ddece8]: nsHttpConnectionMgr::OnMsgShutdown
0[232b18]: nsHttpHandler::Observe [topic="xpcom-shutdown")]
0[232b18]: nsHttpHandler::StopPruneDeadConnectionsTimer
0[232b18]: nsHttpAuthCache::ClearAll
0[232b18]: nsHttpConnectionMgr::Shutdown
0[232b18]: Deleting nsHttpHandler [this=de8070]
0[232b18]: nsHttpConnectionMgr::Shutdown
0[232b18]: Destroying nsHttpConnectionMgr @e5fcc0
What's *worse* is that we use a .pac proxy config. file here; the latest trunk
build wouldn't access the Net at *all* with this in place (hgttp or https). It
seemed to be trying to get straight out then timing out - I could only get the
previous log by manually setting up http/https proxy settings. Here's the .pac
attempt log:
0[232b18]: Creating nsHttpHandler [this=dd2a78].
0[232b18]: nsHttpHandler::Init
0[232b18]: nsHttpHandler::PrefsChanged [pref=(null)]
0[232b18]: nsHttpAuthCache::Init
0[232b18]: Creating nsHttpConnectionMgr @e4a3e0
0[232b18]: nsHttpConnectionMgr::Init
0[232b18]: nsHttpHandler::StartPruneDeadConnectionsTimer
0[232b18]: nsHttpHandler::BuildUserAgent
0[232b18]: nsHttpHandler::Observe [topic="profile-change-net-teardown")]
0[232b18]: nsHttpHandler::StopPruneDeadConnectionsTimer
0[232b18]: nsHttpAuthCache::ClearAll
0[232b18]: nsHttpConnectionMgr::Shutdown
2576[d8c0f0]: nsHttpConnectionMgr::OnMsgShutdown
0[232b18]: nsHttpHandler::Observe [topic="xpcom-shutdown")]
0[232b18]: nsHttpHandler::StopPruneDeadConnectionsTimer
0[232b18]: nsHttpAuthCache::ClearAll
0[232b18]: nsHttpConnectionMgr::Shutdown
0[232b18]: Deleting nsHttpHandler [this=dd2a78]
0[232b18]: nsHttpConnectionMgr::Shutdown
0[232b18]: Destroying nsHttpConnectionMgr @e4a3e0
0[232ae8]: nsHttpHandler::Observe [topic="xpcom-shutdown")]
0[232ae8]: nsHttpHandler::StopPruneDeadConnectionsTimer
0[232ae8]: nsHttpAuthCache::ClearAll
0[232ae8]: nsHttpConnectionMgr::Shutdown
0[232ae8]: Deleting nsHttpHandler [this=e09a38]
0[232ae8]: nsHttpConnectionMgr::Shutdown
0[232ae8]: Destroying nsHttpConnectionMgr @e616d8
I manually quit both, BTW; dunnno how much of the log shows moz exiting.
|
Assignee | |
Comment 11•21 years ago
|
||
stuart, neil: can you guys please submit your entire log file? or if you prefer feel free to email it to me instead. thank you!
Severity: normal → critical
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.4beta
|
|
||
Comment 12•21 years ago
|
||
That *was* the entire file [each time], from command-line start to File/Quit.
|
|
Reporter | |
Comment 13•21 years ago
|
||
Darin, As Neil says, the log file as posted was complete
|
|
Assignee | |
Comment 14•21 years ago
|
||
ah, ok... in that case, the log file doesn't tell us anything :-( ... 0[2340a0]: nsHttpHandler::BuildUserAgent at this point in the log file, the HTTP handler has been initialized. the next line is the start of browser shutdown. 0[2340a0]: nsHttpHandler::Observe [topic="profile-change-net-teardown")] ... it would appear that not a single request made its way into the networking library. perhaps the HTTP protocol handler is somehow not getting initialized... i'm not sure. what happens if you try to load a normal http:// site? can you capture a new log file that shows you loading http://www.mozilla.org/ followed by https://sourceforge.net/? thanks!
|
|
Reporter | |
Comment 15•21 years ago
|
||
Darin, Here is the log as requested .. The process followed was launch mozilla with a blank home page. Go to www.mozilla.org, this was cached so I reloaded it, then launch https://sourceforge.net. The log produced is listed below: 0[234090]: Creating nsHttpHandler [this=235fb8]. 0[234090]: nsHttpHandler::Init 0[234090]: nsHttpHandler::PrefsChanged [pref=(null)] 0[234090]: nsHttpAuthCache::Init 0[234090]: Creating nsHttpConnectionMgr @1253280 0[234090]: nsHttpConnectionMgr::Init 0[234090]: nsHttpHandler::StartPruneDeadConnectionsTimer 0[234090]: nsHttpHandler::BuildUserAgent 0[234090]: nsHttpHandler::Observe [topic="profile-change-net-teardown")] 0[234090]: nsHttpHandler::StopPruneDeadConnectionsTimer 0[234090]: nsHttpAuthCache::ClearAll 0[234090]: nsHttpConnectionMgr::Shutdown 1792[11fae68]: nsHttpConnectionMgr::OnMsgShutdown 0[234090]: nsHttpHandler::Observe [topic="xpcom-shutdown")] 0[234090]: nsHttpHandler::StopPruneDeadConnectionsTimer 0[234090]: nsHttpAuthCache::ClearAll 0[234090]: nsHttpConnectionMgr::Shutdown 0[234090]: Deleting nsHttpHandler [this=235fb8] 0[234090]: nsHttpConnectionMgr::Shutdown 0[234090]: Destroying nsHttpConnectionMgr @1253280 40a0]: nsHttpHandler::Observe [topic="profile-change-net-teardown")] 0[2340a0]: nsHttpHandler::StopPruneDeadConnectionsTimer 0[2340a0]: nsHttpAuthCache::ClearAll 0[2340a0]: Destroying nsHttpAuthNode @30cb680 0[2340a0]: nsHttpConnectionMgr::Shutdown 1444[11f92d8]: nsHttpConnectionMgr::OnMsgShutdown 1444[11f92d8]: nsHttpConnection::Close [this=284e488 reason=80004004] 1444[11f92d8]: nsHttpConnection::Close [this=3110308 reason=80004004] 0[2340a0]: Destroying nsHttpChannel @307e200 0[2340a0]: nsHttpResponseHead::Reset 0[2340a0]: nsHttpHandler::Observe [topic="xpcom-shutdown")] 0[2340a0]: nsHttpHandler::StopPruneDeadConnectionsTimer 0[2340a0]: nsHttpAuthCache::ClearAll 0[2340a0]: nsHttpConnectionMgr::Shutdown
|
|
Assignee | |
Comment 16•21 years ago
|
||
hmm.. that log file is not at all consistent with the steps you described. do you by any chance have "quick launch" enabled?
|
|
Reporter | |
Comment 17•21 years ago
|
||
Sorry quick launch was enabled - The test has been recompleted and the new log file is too big to post here so I have mailed it direct to Darin.
|
|
||
Comment 18•21 years ago
|
||
I'm not ignoring this, BTW, but I don't have much time available at work to keep reinstalling moz :) If there's any log I can generate that Stuart can't or you need to double-check something, let me know.
|
|
Assignee | |
Comment 19•21 years ago
|
||
ok, so this is actually a regression from my fix for bug 201370. SSL proxy CONNECT w/ auth creates a situation in which the transaction is closed w/ mSentData == FALSE and mReceivedData == TRUE. this seems like a counterintuitive state for the transaction since it should only receive data if it sent data. however, the implementation of SSL proxy CONNECT is such that the CONNECT request is issued not by the transaction but by the connection itself. however, the connection uses the transaction to parse the CONNECT response. if the response is not 200, then the connection closes the transaction so the transaction can report the error code to the upper layers (the http channel). as a result, the transaction has not written anything itself, but has read some stuff :-/ so, this patch revises the solution to bug 201370 with the behavior of SSL proxy CONNECT in mind.
|
|
Assignee | |
Updated•21 years ago
|
Attachment #122139 -
Flags: superreview?(bzbarsky)
Attachment #122139 -
Flags: review?(dougt)
|
||
Updated•21 years ago
|
Attachment #122139 -
Flags: review?(dougt) → review+
|
|
Assignee | |
Updated•21 years ago
|
Attachment #122139 -
Flags: superreview?(bz-bugspam) → superreview?(alecf)
|
|
Assignee | |
Updated•21 years ago
|
|
||
Updated•21 years ago
|
Attachment #122139 -
Flags: superreview?(alecf) → superreview+
|
|
Assignee | |
Comment 20•21 years ago
|
||
Comment on attachment 122139 [details] [diff] [review] v1 patch requesting drivers approval for 1.4 beta.
Attachment #122139 -
Flags: approval1.4b?
|
||
Comment 21•21 years ago
|
||
Comment on attachment 122139 [details] [diff] [review] v1 patch a=sspitzer
Attachment #122139 -
Flags: approval1.4b? → approval1.4b+
|
|
Assignee | |
Comment 22•21 years ago
|
||
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 21 years ago → 21 years ago
Resolution: --- → FIXED
|
|
||
Comment 23•21 years ago
|
||
Build ID: 2003050610 - I can now access the Net (both http & https) using NTLM. However, I still have to enter the proxy details manually: using the (works-for-1.3) .pac file that our IT supplies seems to make both http & https try to access the Net directly (i.e., it seems to be ignored). Is this related to this bug, or 1.4 in general? Not quite sure how impl. of NTLM would break .pac parsing. Is there some useful debug-out I could get (beyond the stuff I already posted)? PS - is there a list, source aside, of debug env. vars. that can be set?
|
||
Updated•21 years ago
|
Flags: blocking1.4b?
|
||
Comment 24•21 years ago
|
||
Neil: If you have a problem that occurs only w/ PAC and goes away w/ manual config, please file a new bug. This stuff got dropped on us mid-flight, so I haven't looked at all the real-world permutations and vetted the problems yet.
|
|
||
Comment 25•21 years ago
|
||
Hmm - it's now working (same build). I have in between times deleted the stored [Basic auth] proxy password, /and/ logged out/in of Win2K [and possibly re-installed Moz - been fiddling with a plugin of mine]. Seems to be working a treat now, anyway.
|
|
||
Comment 26•20 years ago
|
||
*** Bug 204088 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•