Closed Bug 307638 Opened 19 years ago Closed 19 years ago

OCSP requests don't work through a proxy server

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
1.5.0.x Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 111384

People

(Reporter: mozilla.bugzilla, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

This bug has been in Firefox for months (I'm sure I've submitted it before for
versions < 1.0 but I can't find it), but I thought I'd try enabling OCSP
validation for certificates which provide a URL as an extra security feature.

I then tried surfing a vBulletin forum I frequent which has a Paypal donations
button (loaded over HTTPS). The resultant OCSP check doesn't seem to be able to
go through my work proxy server, the connection stays thusly:

  TCP    rogue:4297             12.166.243.30:http     SYN_SENT

And then after a timeout period of a minute or so, I get an error saying that I
can't connect to Paypal (presumably because the security check fails and Firefox
stops me in case it's malicious).

Reproducible: Always

Steps to Reproduce:
1. Turn on OCSP validation for certificates providing a URL
2. Enable a proxy server (I specify a .pac file, haven't tried manually setting
proxies per protocol)
3. Surf a secure website with an OCSP URL, or a site with secure elements like
Paypal donation buttons.

Actual Results:  
I got a standard HTTP connection to 12.166.243.30, which remains in SYN_SENT
(HTTP is firewalled off on our campus, forcing you to use the proxy servers).
After a timeout period, I get an error message popping up which reads:

"Error establishing an encrypted connection to www.paypal.com. Error Code: -5990"

Once I've OK'ed this error, my page loads as normal but without the HTTPS
elements (in this case, a Paypal donations button).

Expected Results:  
The software should have loaded the page with no errors, and included all the
elements. May be slightly slower than normal due to the extra HTTP transaction,
but the webpage should load without errors.
Known bug, please search before filing new ones. Dupe of Bug 111384. See also
Bug 220974.

*** This bug has been marked as a duplicate of 111384 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Version: unspecified → 1.5 Branch
You need to log in before you can comment on or make changes to this bug.