270676 - Lock icon displayed for insecure web page

Status: RESOLVED DUPLICATE of bug 268483

(Firefox :: General, defect)

Description

[Chris Colohan]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Right now our online class registration computer is down.  I discovered this by
going to http://www.cmu.edu/hub/, and clicking on the "On-Line Registration"
link.  The browser never got through, and the displayed page didn't change.

What _did_ change was the lock icon in both the URL bar and the bottom right
corner of the browser.  My browser now clearly says that http://www.cmu.edu/hub/
is a secure page!  It appears as though the connection to the link (which is
https://acis.as.cmu.edu/olr/) got through just far enough to pass the
certificate check, but failed to return any data.

So I am now looking at an insecure page, and every indication from my browser
says it is fully secured with AES 256 bit high grade encryption.  (I can verify
this by double clicking on the lock icon and viewing the security info for the
page.)

Reproducible: Always
Steps to Reproduce:
1.  Wait for CMU's on-line registration system to crash.
2.  Go to http://www.cmu.edu/hub
3.  Click on the "On-Line Registration" link.
4.  Observe that Firefox says that the current page is secure, while it is not.



Expected Results:  
The lock icon should only appear when displaying a page secured via SSL.

Comment 1

[Daniel Veditz [:dveditz]]

The same problem was recently reported by someone else. Coincidence, or did we
break something in the 1.0 final rush?

*** This bug has been marked as a duplicate of 268483 ***