Sync error (may be related to certificate error)

RESOLVED WORKSFORME

Status

()

Core
Security: PSM
RESOLVED WORKSFORME
7 years ago
6 years ago

People

(Reporter: Benoit Friry, Unassigned)

Tracking

9 Branch
x86_64
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
Sync failed to complete. A "popup line" appeared at the bottom of the screen "Sync has not been able to complete during the last 7 days.  Please check you network settings."

Of course, Sync used to work correctly.

Sync log:
1327514102953	Sync.Service	INFO	Loading Weave 1.12.0
1327514102980	Sync.Engine.Bookmarks	DEBUG	Engine initialized
1327514102985	Sync.Engine.Forms	DEBUG	Engine initialized
1327514102988	Sync.Engine.History	DEBUG	Engine initialized
1327514102990	Sync.Engine.Passwords	DEBUG	Engine initialized
1327514102992	Sync.Engine.Prefs	DEBUG	Engine initialized
1327514102994	Sync.Engine.Tabs	DEBUG	Engine initialized
1327514102994	Sync.Engine.Tabs	DEBUG	Resetting tabs last sync time
1327514102995	Sync.Service	INFO	Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Iceweasel/9.0.1
1327514103018	Sync.SyncScheduler	DEBUG	Clearing sync triggers.
1327514103143	Sync.SyncKeyBundle	INFO	SyncKeyBundle being created for benoiton
1327514103147	Sync.Service	DEBUG	Caching URLs under storage user base: https://scl2-sync844.services.mozilla.com/1.1/benoiton/
1327514103732	Sync.Engine.AdblockPlus	DEBUG	Engine initialized
1327514107714	Sync.Service	DEBUG	User-Agent: Iceweasel/9.0.1 FxSync/1.12.0.20111222080735.
1327514107714	Sync.Service	INFO	Starting sync at 2012-01-25 18:55:07
1327514107715	Sync.Service	DEBUG	In sync: should login.
1327514107716	Sync.Service	INFO	Logging in user benoiton
1327514109114	Sync.CertListener	DEBUG	Invalid HTTPS certificate encountered, ignoring!
1327514109117	Sync.Service	DEBUG	verifyLogin failed: null JS Stack trace: Res_get()@resource.js:473 < ()@service.js:744 < WrappedNotify()@util.js:148 < verifyLogin()@service.js:712 < ()@service.js:1000 < WrappedNotify()@util.js:148 < WrappedLock()@util.js:103 < WrappedCatch()@util.js:77 < WeaveSvc_login()@service.js:974 < ()@service.js:1266 < WrappedCatch()@util.js:77 < sync()@service.js:1262
1327514109118	Sync.SyncScheduler	DEBUG	Clearing sync triggers.

The invalid HTTPS certificate made me search this way.

HttpFox log:
(Request-Line)	GET /1.1/benoiton/info/collections HTTP/1.1
Host	scl2-sync844.services.mozilla.com
User-Agent	Iceweasel/9.0.1 FxSync/1.12.0.20111222080735.desktop
Accept	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language	fr-fr,fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding	gzip, deflate
Accept-Charset	ISO-8859-15,utf-8;q=0.7,*;q=0.7
Connection	keep-alive
Authorization	Basic XXXXXXXXXXXXXXXXXXXXXX

There is no response.

When I open the https://scl2-sync844.services.mozilla.com in the URL, I get the "This Connection is Untrusted" page.  
The "technical details" are:
scl2-sync844.services.mozilla.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
But I have not any "I Understand the Risks" option (no "Add Exception" button).

My system date is ok (synchronized on NTP).
$ date
mercredi 25 janvier 2012, 19:51:19 (UTC+0100)
$ LANG=C date
Wed Jan 25 19:51:52 CET 2012

My Sync account is ok on another computer (1MB of data).
(Reporter)

Comment 1

7 years ago
I have just tried to add manually the certificate for scl2-sync844.services.mozilla.com (preferences/advanced/encryption/view certificates/add exception). I have restarted the browser. The certificate appears in the store.

The error remains: same error in the sync log, cannot access to https://scl2-sync844.services.mozilla.com in the browser.
In Options > Advanced > Encryption > View Certificates > Authorities, Please look to see how many certificates you have with the name "GeoTrust SSL CA." There should be one under the "GeoTrust Global CA" part of the tree. But, are there any others, in other parts of the tree? If so, please export those certificates, attach them here, and then delete them (only ones labeled "GeoTrust SSL CA"). Then restart Firefox and connect again. Let me know if this helps you. If it does, I know the cause.
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
Benoit, here is another thing you can do: Click on "I understand the risks," then "Add exception," then "View" the certificate, then switch to the "Details" tab and take a screenshot of that dialog box. Then, please attach the screenshot here.
(Reporter)

Comment 4

7 years ago
- With FF v9, there was no "GeoTrust" certificate in the store.
  With FF v10, there was 3 "GeoTrust ..." certificates, but no "GeoTrust SSL CA".
  (I'm not in front of the computer, I will list the 3 certificates names later.
- I cannot click on "I understand the risk": there is no such option. It's especially strange! I do not remember anytime before such a situation (no option to add exception).
(Reporter)

Comment 5

7 years ago
- With FF v9, there was no "GeoTrust" certificate in the store.
  With FF v10, there was 3 "GeoTrust ..." certificates, but no "GeoTrust SSL CA".
  (I'm not in front of the computer, I will list the 3 certificates names later.
- I cannot click on "I understand the risk": there is no such option. It's especially strange! I do not remember anytime before such a situation (no option to add exception).
(In reply to Benoit Friry from comment #5)
> - I cannot click on "I understand the risk": there is no such option. It's
> especially strange! I do not remember anytime before such a situation (no
> option to add exception).

Please post a screenshot of that error page and/or copy/paste the text of the error page into a comment here.
(Reporter)

Comment 7

7 years ago
Created attachment 591840 [details]
Certificate error page when accessing to sync URL
(Reporter)

Comment 8

7 years ago
Certificates on my v10 : 

GeoTrust Global CA
GeoTrust Global CA 2
GeoTrust Universal CA
GeoTrust Universal CA 2
GeoTrust Primay Certification Authority
GeoTrust Primay Certification Authority - G3
GeoTrust Primay Certification Authority - G2

Screenshot added.
(Reporter)

Comment 9

7 years ago
How is it possible not to have the "I understand the risk" line in the warning box?
(Reporter)

Comment 10

6 years ago
v11 beta 2 has solved this issue:
 - I can add exception when visiting https://scl2-sync844.services.mozilla.com
 - added exception let me go through (previously added exception via preference menu did not work)

Note : v11 b1 did not work.

I close this bug as resolved: something has been corrected between v11 b1 and v11 b2.

I can do further investigation if someone thinks it's useful.

Thanks
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.