Closed
Bug 84336
Opened 23 years ago
Closed 23 years ago
ecommerce sites deliver blank pages if cipher is not available
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.1
People
(Reporter: lord, Assigned: inactive-mailbox)
References
Details
Attachments
(1 file)
726 bytes,
patch
|
Details | Diff | Splinter Review |
In recent builds, some HTTPS sites show empty pages. When you View Source, the pages look like this: <html><body></body></html> Here are some sites that exhibit this behavior: https://www.netplaza.com/ https://www.cofcu.org/onlineserv/HB/Signon.cgi https://www.communitycu.org/sign-on.html https://www.affinityfcu.org/welcome.html
-> 2.0, P2 We need to understand why this is happening before RTM. Can someone investigate?
Priority: -- → P2
Target Milestone: --- → 2.0
Version: 1.01 → 2.0
Comment 3•23 years ago
|
||
I tried these sites with today's commercial Linux build and they all worked fine.
Comment 4•23 years ago
|
||
I just tried on the latest commercial windows branch build and all of these sites load successfully. Resolving WORKSFORME.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Comment 5•23 years ago
|
||
David: including win2000?
Comment 6•23 years ago
|
||
Using my latest trunk build, these sites work on win2k. I'll try the branch build next.
Comment 7•23 years ago
|
||
Tested the latest branch builds on win2k and *all* of these sites load successfully.
Comment 8•23 years ago
|
||
Reopening. You will get a blank page when visiting an SSL2 only site with only SSL3 enabled, and vice versa.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Summary: ecommerce sites deliver blank pages → ecommerce sites deliver blank pages if cipher is not available
Confirmed. These sites must be SSL2 sites. When I turn SSL2 on, I can access them. Good work.
Comment 10•23 years ago
|
||
The SSL library has specific error codes that it returns in these cases of no protocol or cipher suite match. Evidently, PSM isn't taking notice of those error codes.
Updated•23 years ago
|
Keywords: nsenterprise
Comment 13•23 years ago
|
||
These pages were delivering blank pages because lord had SSL v2 disabled. Now you get an alert saying the SSL v2 is disabled nad that's why you can't connect. Seems like this bug should be marked as fixed or a dup of 33772
Comment 14•23 years ago
|
||
You still get blank pages if cipher is not available. You just get a warning first.
Comment 15•23 years ago
|
||
goal is to show warning and stay on the current page
Comment 16•23 years ago
|
||
*** Bug 90850 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 17•23 years ago
|
||
Adding darin and bbaetz to cc list, FYI. I debugged this. What happens: Although the connection was aborted, the method nsHttpChannel::OnStartRequest will still be called. This method recognizes that no mResponseHead is available and goes to mListener->OnStartRequest, which ends up at nsDocumentOpenInfo::OnStartRequest. Arriving there, httpChannel->GetResponseStatus gets called. However, this function fails. It returns an error code (as now response head is available). The problem: The error code from GetResponseStatus is not checked. I added the check to the return code, and if a failure is detected, return immediately from the function. This prevents an empty document to be created and shown. The behaviour is then as expected, the previous document will remain in the document area of the browser.Darin, Bbaetz: While this fixes the problem, I want to point you to an additional location that you might want to check. The method nsHttpChannel::OnStartRequest never uses it's parameter request, besides for the debug log (and that's the reason why you might have never seen a "not used" warning from the compiler). Is it possible that the call to mListener->OnStartRequest shouldn't use "this" as the first parameter, but the "request" argument? Just an idea. I suggest to change the Product of this bug to "Browser" and component to "Networking: HTTP".
Assignee | ||
Comment 18•23 years ago
|
||
Assignee | ||
Comment 19•23 years ago
|
||
cc'ing sspitzer Seth, can you please review this patch?
Comment 20•23 years ago
|
||
r=bbaetz. darin, sr?
Comment 21•23 years ago
|
||
uriloader patches should go through mscott for review, he's the module owner.
Comment 22•23 years ago
|
||
using "this" as the first parameter to mListener->OnStartRequest is correct. clients of an nsIHttpChannel, expect nsIStreamListener methods to arrive with the request being the nsIHttpChannel. your patch sounds correct to me. however, i really think that mscott should take a look at this patch.
Comment 26•23 years ago
|
||
sr=mscott
Comment 28•23 years ago
|
||
Checked in patch for Kai.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Comment 30•23 years ago
|
||
Reopening. The 4 sites in the original bug description still give a blank page if SSL2 is off.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 31•23 years ago
|
||
There is one szenario that makes this bug confusing to test. However, I still think the bug is fixed. Let me explain how you can verify this. Preparation: - Configure your browser to start with a blank page. - turn off SSL2 Szenario 1) =========== Stop the browser. Start the browser. It displays an empty page. Now go to https://www.netplaza.com/ When I do this, I get a warning. After I clicked OK in the warning, the browser still displays an empty page. This is how I expect it to be. As there previously was nothing to show, the browser should still display an empty page. Szenario 2) =========== Stop the browser. Start the browser. It displays an empty page. Go to http://www.mozilla.org Wait for the page to load. Now go to https://www.netplaza.com/ When I do this, I get a warning. After I clicked OK in the warning, the browser still displays the Mozilla homepage. junruh, can you please try these steps? Does it behave like I described or do you see something different?
Comment 32•23 years ago
|
||
Marking fixed with the 8/3 WinNT trunk build.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•