Closed Bug 323872 Opened 20 years ago Closed 20 years ago

https proxy partly ignored (direct http connection to ocsp.verisign.com necessary)

Categories

(Firefox :: Shell Integration, defect)

Product:
Firefox
Component:
Shell Integration
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 152426

People

(Reporter: peter.renner, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8) Gecko/20051111 Firefox/1.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8) Gecko/20051111 Firefox/1.5 when loading https://www.netbanking.at Firefox 1.5 does some initial https proxy connection, BUT THEN tries a DIRECT internet connection (to http://ocsp.verisign.com !) IGNORING the proxy settings, and afterwards it continues to use the proxy as defined. As the firewall on the PC forbids proxy bypasses the page doesen't load. => i have to allow Firefox to connect to ocsp.verisign.com (12.166.243.30) Reproducible: Always Steps to Reproduce: 1.define proxy setting in Firefox for http and https 2.deny all outgoing connections to port 80 (firewall setting) 3.try to load https://www.netbanking.at or https://www.heise.de/security/dienste/browsercheck/demos/ie/verwundbar.html Actual Results: Firefox can't be used for https servers (netbanking) when behind a proxy. Ethereal protocol analyer shows intermittend DIRECT http connection to ocsp.verisign.com (probably verifying the validity of the certificate the https server presented ?) This happens ONCE after starting Firefox when connecting to https://www.netbanking.at. Allowing that direct connetion once, surfing to other sites (no tabs, single window) and then back to https://www.netbanking.at Firefox doesn't try to connect to that verisign host again! Expected Results: Firefox should do that weird connection to ocsp.verisign.com (if it has to do that) via the http proxy, just as it does any other http connection. (my guess: bug lies in https-server-certificate-verification-code) Verified in latest Firefox build "Deer Park 1.6a1": Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060117 Firefox/1.6a1 "Error establishing an encrypted connect to www.netbanking.at. Error Code: -5994" The errorcode in Firefox 1.5 Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8) Gecko/20051111 Firefox/1.5 returns a german message and gives "Code -5981" the latest Mozilla build "SeaMonkey 1.5a" Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060117 SeaMonkey/1.5a works fine, no errors, no direct http connection attempts, as do Netscape 7.1, Mozilla 1.7, and any other browser i have/had installed.
This looks like a dupe of bug 152426
sorry, is indeed a duplicate of 152426 as Nick Thomas just has suggested. my bad, i did not search bugzilla using "ocsp"(.verisign.com) as search term. *** This bug has been marked as a duplicate of 152426 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
*** Bug 323878 has been marked as a duplicate of this bug. ***
SOLUTION IS AVAILABLE! SOLUTION IS AVAILABLE! enter the following url: about:config typ into field "filter": ocsp find line with says security.OCSP.enabled and set to to "false"
Or simply go to Extras -> Einstellungen (english: Menu Extra -> Settings?) There to Erweitert -> Sicherheit -> Verifizierung and switch off OCSP-checking. If only the https connect error message would point to that option.
You need to log in before you can comment on or make changes to this bug.