Closed Bug 219890 Opened 21 years ago Closed 21 years ago

When viewing https page, http connection to certification authority does not honour proxy setting

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 111384

People

(Reporter: mozillabugzilla, Assigned: darin.moz)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624

Win98 is behind a firewall, which allows https connections initiated from the
Win98 box, but blocks http.  http proxy is set to point to squid on a Linux
bastion host.  In normal usage, http works fine.  However, the above https://
URL cannot be viewed.

The following network traffic is seen:
1) ARP broadcast
2) ARP reply
3) Win98:1158 to 66.187.232.110:https (rhn.redhat.com): TCP [SYN]
4) 66.187.232.110:https to Win98:1158 : TCP [SYN,ACK]
5) Win98:1158 to 66.187.232.110:https : TCP [ACK]
6) Win98:1158 to 66.187.232.110:https : SSLv2 Client Hello
7) 66.187.232.110:https to Win98:1158 : TCP [ACK]
8) 66.187.232.110:https to Win98:1158 : TLS Server Hello, Certificate, Server
Hello Done
9) Win98:1159 to 216.168.253.65:http (ocsp.verisign.net.) : TCP [SYN]
10)Win98:1158 to 66.187.232.110:https : TCP [ACK]
11)Win98:1159 to 216.168.253.65:http  : TCP [SYN]
12)ARP broadcast
13)ARP reply
14)Win98:1159 to 216.168.253.65:http  : TCP [SYN]
15)Win98:1159 to 216.168.253.65:http  : TCP [SYN]

Note that, at packets 9, 14, 15, Mozilla on the Win98 box is trying to establish
a direct http connection with Verisign, rather than going through the proxy.

A workround is to allow http (in addition to https) direct outgoing connections
through the firewall, but surely this should not be necessary.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.



Expected Results:  
http connection request for Verisign should go the configured proxy.
Speaking of SSL, any webpages are not being cached via SSL.  My understanding is
that proxy server make a copy of a webpage where it can be use again and again
without going out to the original website to retrieve a webpage.  Could the
problem be the Internet Header though?
Which error message Do you get ?

> Which error message Do you get ?

"Error establishing an encrypted connection to rhn.redhat.com.  Error Code: -5933."
Such an error message should be always included !
(btw: I expected this error)

open Edit\preferences\Privacy&Security\Validation\ and select
[x]Do not use OSCP for Validation


*** This bug has been marked as a duplicate of 111384 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.