Closed
Bug 219890
Opened 21 years ago
Closed 21 years ago
When viewing https page, http connection to certification authority does not honour proxy setting
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 111384
People
(Reporter: mozillabugzilla, Assigned: darin.moz)
References
()
Details
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624 Win98 is behind a firewall, which allows https connections initiated from the Win98 box, but blocks http. http proxy is set to point to squid on a Linux bastion host. In normal usage, http works fine. However, the above https:// URL cannot be viewed. The following network traffic is seen: 1) ARP broadcast 2) ARP reply 3) Win98:1158 to 66.187.232.110:https (rhn.redhat.com): TCP [SYN] 4) 66.187.232.110:https to Win98:1158 : TCP [SYN,ACK] 5) Win98:1158 to 66.187.232.110:https : TCP [ACK] 6) Win98:1158 to 66.187.232.110:https : SSLv2 Client Hello 7) 66.187.232.110:https to Win98:1158 : TCP [ACK] 8) 66.187.232.110:https to Win98:1158 : TLS Server Hello, Certificate, Server Hello Done 9) Win98:1159 to 216.168.253.65:http (ocsp.verisign.net.) : TCP [SYN] 10)Win98:1158 to 66.187.232.110:https : TCP [ACK] 11)Win98:1159 to 216.168.253.65:http : TCP [SYN] 12)ARP broadcast 13)ARP reply 14)Win98:1159 to 216.168.253.65:http : TCP [SYN] 15)Win98:1159 to 216.168.253.65:http : TCP [SYN] Note that, at packets 9, 14, 15, Mozilla on the Win98 box is trying to establish a direct http connection with Verisign, rather than going through the proxy. A workround is to allow http (in addition to https) direct outgoing connections through the firewall, but surely this should not be necessary. Reproducible: Always Steps to Reproduce: 1. 2. 3. Expected Results: http connection request for Verisign should go the configured proxy.
Comment 1•21 years ago
|
||
Speaking of SSL, any webpages are not being cached via SSL. My understanding is that proxy server make a copy of a webpage where it can be use again and again without going out to the original website to retrieve a webpage. Could the problem be the Internet Header though?
Comment 2•21 years ago
|
||
Which error message Do you get ?
Reporter | ||
Comment 3•21 years ago
|
||
> Which error message Do you get ?
"Error establishing an encrypted connection to rhn.redhat.com. Error Code: -5933."
Comment 4•21 years ago
|
||
Such an error message should be always included ! (btw: I expected this error) open Edit\preferences\Privacy&Security\Validation\ and select [x]Do not use OSCP for Validation *** This bug has been marked as a duplicate of 111384 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•