Closed
Bug 663801
Opened 13 years ago
Closed 13 years ago
Firefox 7.0a1 20110606030709 win32 build autoupdate is broken due aus3.mozilla.org certificate chain error
Categories
(mozilla.org Graveyard :: Server Operations, task)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: unghost, Assigned: oremj)
References
Details
Attachments
(2 files)
Firefox 7.0a1 20110606030709 win32 build doesn't update to last nightly build. Looks like it happens due aus3.mozilla.org certificate chain error, see screenshot. Update log in Error console: AUS:SVC getLocale - getting locale from file: C:\Program Files\Nightly\update.locale, locale: ru AUS:SVC Checker:getUpdateURL - update URL: https://aus3.mozilla.org/update/3/Firefox/7.0a1/20110606030709/WINNT_x86-msvc/ru/nightly/Windows_NT%206.1/default/default/update.xml?force=1 AUS:SVC gCanCheckForUpdates - able to check for updates AUS:SVC Checker:checkForUpdates - sending request to: https://aus3.mozilla.org/update/3/Firefox/7.0a1/20110606030709/WINNT_x86-msvc/ru/nightly/Windows_NT%206.1/default/default/update.xml?force=1 Attempt to use JS function on a different thread calling nsIPrivateBrowsingService.privateBrowsingEnabled. JS objects may not be shared across threads. AUS:SVC Checker:onError - request.status: 2153390067 AUS:SVC getStatusTextFromCode - transfer error: XML-файл обновления повреждён (200), default code: 200
Reporter | ||
Comment 1•13 years ago
|
||
OpenSSL connection to aus3.mozilla.org: OpenSSL> s_client -connect aus3.mozilla.org:443 Loading 'screen' into random state - done CONNECTED(00000190) depth=0 /C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System /CN=aus3.mozilla.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System /CN=aus3.mozilla.org verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System /CN=aus3.mozilla.org verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System/CN =aus3.mozilla.org i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA --- Server certificate -----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgIPHo0PQBH+rUi2pI5wWXilMA0GCSqGSIb3DQEBBQUAMDwx CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxUaGF3dGUsIEluYy4xFjAUBgNVBAMTDVRo YXd0ZSBTU0wgQ0EwHhcNMTEwNTE5MDAwMDAwWhcNMTIwODEwMjM1OTU5WjCBiTEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcUDU1vdW50 YWluIFZpZXcxEDAOBgNVBAoUB01vemlsbGExIDAeBgNVBAsUF0F1dG9tYXRpYyBV cGRhdGUgU3lzdGVtMRkwFwYDVQQDFBBhdXMzLm1vemlsbGEub3JnMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7EJOsW+hiviPXPa+FlGYC8AQAEY5+DJ9 2M1AfGbBk5trjNhxMFpIW8qlsTsLHWrWjBFA5Wx9uad+O8GWuLUvhzeP6hq8NyGm mT6oBc85zMcSru/gVo3H+TbZSsWaTDi0zyQSY6nByLiFbabB02zqQCBDZg26V5ME uOIVdzV5IJ1s38tC/urddv7qXHqovOc7jejxafGzLqNxry0/QUf45IrtUbFslApV xPt9lZBbO3SYEzFpEC+ZW5PjnDeRmeq8wxRj0TH9Yr2j0cEhyHzT5wqtM228Wt5x 4dc9UzZQq2O6rjWw2q9lxuMSYvKLTM4Llme5/HUoyXwuFV3BgF/h5wIDAQABo4Gg MIGdMAwGA1UdEwEB/wQCMAAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3N2ci1v di1jcmwudGhhd3RlLmNvbS9UaGF3dGVPVi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov L29jc3AudGhhd3RlLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAZildECw0IfMrAs4t ZqIomeAyo0T+JQj1O1M9vq0p5rcyhhuOiG3DjuKbTWREaT9nCGE4IdAiSVejNPRI 7WYACjFd/YVsKuEr7F6by003yeFfgDJ/oSeSUv2vk4K/gReEDV0P5fAC9YzHeirq EXxpXzygG1eofguWeqlHhYX1uAfmvyeQr3qgMQZwbaEqkOiP6BmNnsVq2xUJNezh TJWhbaeZr0sN8y68GU97YXayKrutIN88biHeYv9nh8Mr9PctpWwOFRqxmfHN8a31 iwd63Xg1VeUwnSY2doozDbVNgC+w3mPUh4zLYPY4GrJPpBaOAA9Nj4KygAYcgMgf PQ/zUA== -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System /CN=aus3.mozilla.org issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA --- No client certificate CA names sent --- SSL handshake has read 1186 bytes and written 460 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : RC4-SHA Session-ID: 6E4AF031391F782B4534C6F1C0EEEF341C898BF2C660B4B836AF453B574163CC Session-ID-ctx: Master-Key: D2C62902C4A25E8466DF9146092417704CBB601F0392D0521FE2582C2B91153E 3FF0C315CAEF24B7D2DEF7F7CDE2B22D Key-Arg : None Start Time: 1307972110 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- read:errno=0
Reporter | ||
Comment 2•13 years ago
|
||
Comment 3•13 years ago
|
||
If this is indeed the case, it's probably a ServerOps bug, and pretty serious. I can reproduce, too: OpenSSL> s_client -connect aus3.mozilla.org:443 CONNECTED(00000003) depth=0 /C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System/CN=aus3.mozilla.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System/CN=aus3.mozilla.org verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System/CN=aus3.mozilla.org verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System/CN=aus3.mozilla.org i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA --- Server certificate -----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgIPHo0PQBH+rUi2pI5wWXilMA0GCSqGSIb3DQEBBQUAMDwx CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxUaGF3dGUsIEluYy4xFjAUBgNVBAMTDVRo YXd0ZSBTU0wgQ0EwHhcNMTEwNTE5MDAwMDAwWhcNMTIwODEwMjM1OTU5WjCBiTEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcUDU1vdW50 YWluIFZpZXcxEDAOBgNVBAoUB01vemlsbGExIDAeBgNVBAsUF0F1dG9tYXRpYyBV cGRhdGUgU3lzdGVtMRkwFwYDVQQDFBBhdXMzLm1vemlsbGEub3JnMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7EJOsW+hiviPXPa+FlGYC8AQAEY5+DJ9 2M1AfGbBk5trjNhxMFpIW8qlsTsLHWrWjBFA5Wx9uad+O8GWuLUvhzeP6hq8NyGm mT6oBc85zMcSru/gVo3H+TbZSsWaTDi0zyQSY6nByLiFbabB02zqQCBDZg26V5ME uOIVdzV5IJ1s38tC/urddv7qXHqovOc7jejxafGzLqNxry0/QUf45IrtUbFslApV xPt9lZBbO3SYEzFpEC+ZW5PjnDeRmeq8wxRj0TH9Yr2j0cEhyHzT5wqtM228Wt5x 4dc9UzZQq2O6rjWw2q9lxuMSYvKLTM4Llme5/HUoyXwuFV3BgF/h5wIDAQABo4Gg MIGdMAwGA1UdEwEB/wQCMAAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3N2ci1v di1jcmwudGhhd3RlLmNvbS9UaGF3dGVPVi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDov L29jc3AudGhhd3RlLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAZildECw0IfMrAs4t ZqIomeAyo0T+JQj1O1M9vq0p5rcyhhuOiG3DjuKbTWREaT9nCGE4IdAiSVejNPRI 7WYACjFd/YVsKuEr7F6by003yeFfgDJ/oSeSUv2vk4K/gReEDV0P5fAC9YzHeirq EXxpXzygG1eofguWeqlHhYX1uAfmvyeQr3qgMQZwbaEqkOiP6BmNnsVq2xUJNezh TJWhbaeZr0sN8y68GU97YXayKrutIN88biHeYv9nh8Mr9PctpWwOFRqxmfHN8a31 iwd63Xg1VeUwnSY2doozDbVNgC+w3mPUh4zLYPY4GrJPpBaOAA9Nj4KygAYcgMgf PQ/zUA== -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Mozilla/OU=Automatic Update System/CN=aus3.mozilla.org issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA --- No client certificate CA names sent --- SSL handshake has read 1169 bytes and written 409 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: B6F131B3018C5C4B127EA162622EFF68E0C496C0C88928284E20DCFE51B65ED2 Session-ID-ctx: Master-Key: 276B6379DD30047686CF42223E07160502C43E68933C68D2D69F65B70978EB38C0BB5E1634324073B310D0E8D59DF940 Key-Arg : None Start Time: 1307973764 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) ---
Assignee: nobody → server-ops
Severity: normal → critical
Component: Release Engineering → Server Operations
QA Contact: release → mrz
Reporter | ||
Comment 4•13 years ago
|
||
Bug 663792 is dup of this bug (or vice versa)
Assignee | ||
Updated•13 years ago
|
Assignee: shyam → jeremy.orem+bugs
Assignee | ||
Comment 7•13 years ago
|
||
Looks like we were missing an intermediate. Should be fixed now.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•