Closed Bug 929068 Opened 11 years ago Closed 11 years ago

Tumblr logo does not show correctly at first load. (style sheet would not load at first load)

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
25 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla27
Tracking Flags:
Tracking Status
firefox24 --- unaffected
firefox25 + verified
firefox26 + verified
firefox27 + verified

People

(Reporter: alice0775, Assigned: keeler)

References

Details

(Keywords: regression)

Attachments

(2 files, 1 obsolete file)

http log zipped
5.25 MB, application/x-zip-compressed
Details
pref-off ocsp stapling v2
2.23 KB, patch
keeler
: review+
Details | Diff | Splinter Review 
This is spun off from Bug 928832 comment#2

Tumblr logo does not show correctly at first load.
Reload the page works properly.

Steps To Reproduce:
1. Start Firefox with new profile ( OR Clear Cache and restart browser)
2. Open https://www.tumblr.com/

Actual Results:
Tumblr logo does not show correctly.
Just text is displayed.

In Network(Ctrl+Shift+Q) pane:
https://secure.assets.tumblr.com/assets/styles/global.css?_v=b48d56f01eebbac361e12044b8b6edae
does not load properly.
Http request header reported. but no response header....


Expected Results:
Tumblr logo image should be displayed




Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/7e05a42582e4
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20130624 Firefox/25.0 ID:20130624175958
Bad:
http://hg.mozilla.org/mozilla-central/rev/bc569033125a
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20130624 Firefox/25.0 ID:20130624215508
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=7e05a42582e4&tochange=bc569033125a


Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/4974fb802ec1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20130624 Firefox/24.0 ID:20130624083204
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/19d9d359ed5e
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20130624 Firefox/24.0 ID:20130624091301
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=4974fb802ec1&tochange=19d9d359ed5e

Regressed by: bug 700693
Setting security.OCSP.enabled = 0 does fix.
Summary: Tumblr logo does not show correctly at first load → Tumblr logo does not show correctly at first load. (style sheet would not load at first load)
Attached file http log zipped 
http log
set NSPR_LOG_MODULES=timestamp,nsHttp:5,nsSocketTransport:5,nsHostResolver:5
set NSPR_LOG_FILE=%TEMP%\log.txt
The issue is that secure.assets.tumblr.com is sending a stapled ocsp response with an old "thisUpdate" time. The issue is described in bug 929617, which will track the proper fix. This bug should track our immediate response given that we're about to ship ocsp stapling in a release.
After discussing this further on r-d, let's disable on m-b and m-r for FF25. a=akeybl on landing the disable patch to both branches once prepared. Note that RyanVM is out, so please land the changes yourself. Thanks!
Assignee: nobody → dkeeler
Attached patch pref-off ocsp stapling (obsolete) — Splinter Review 
cviecco - we discovered some poor site interactions with OCSP stapling, so we're preffing it off until we fix it.
Attachment #820625 - Flags: review?(cviecco)
Comment on attachment 820625 [details] [diff] [review]
pref-off ocsp stapling

Review of attachment 820625 [details] [diff] [review]:
-----------------------------------------------------------------

Simple and good
Attachment #820625 - Flags: review?(cviecco) → review+
(In reply to Alice0775 White from comment #1)
> Setting security.OCSP.enabled = 0 does fix.

I'd hate to disable all *OCSP* checking (like this setting) to fix something limited to stapling.

Keeler's patch changes:
security.ssl.enable_ocsp_stapling = false 
which seems more appropriate than turning off all OCSP.  Does that off-preffing also fix the problem?
(In reply to Alex Keybl [:akeybl] from comment #4)
> After discussing this further on r-d, let's disable on m-b and m-r for FF25.
> a=akeybl on landing the disable patch to both branches once prepared. Note
> that RyanVM is out, so please land the changes yourself. Thanks!

https://hg.mozilla.org/releases/mozilla-beta/rev/ae2c9c00d149
https://hg.mozilla.org/releases/mozilla-release/rev/9366ed0daf42
status-firefox25: affectedfixed
Just for posterity, bajaj came into #releng just now asking about why this didn't trigger jobs on m-beta.

The reason was that only landings on the |default| hg branch (|master| in git terms) will trigger jobs. however just having David reland this on default on m-beta would have caused some problems in 6 weeks at next beta->release merge so bajaj asked me to look into manually kicking the jobs.

I did the latter choice by loading https://secure.pub.build.mozilla.org/buildapi/self-serve/mozilla-beta and then pasting in the rev into the box at the bottom (for both depend and pgo builds) and clicking submit. Within minutes we had a full platform list of jobs starting on mozilla-beta ready to recieve test results once complete.
(In reply to Justin Wood (:Callek) from comment #9)
> Just for posterity, bajaj came into #releng just now asking about why this
> didn't trigger jobs on m-beta.
> 
> The reason was that only landings on the |default| hg branch (|master| in
> git terms) will trigger jobs. however just having David reland this on
> default on m-beta would have caused some problems in 6 weeks at next
> beta->release merge so bajaj asked me to look into manually kicking the jobs.

And actually I did not do the same choice for m-release since you likely will also want the change on |default| incase of a chemspill reason, so please reland on the default branch there, which will trigger tests.
Comment on attachment 820625 [details] [diff] [review]
pref-off ocsp stapling

Review of attachment 820625 [details] [diff] [review]:
-----------------------------------------------------------------

::: netwerk/base/public/security-prefs.js
@@ +11,5 @@
>  pref("security.ssl.renego_unrestricted_hosts", "");
>  pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
>  pref("security.ssl.require_safe_negotiation",  false);
>  pref("security.ssl.warn_missing_rfc5746",  1);
> +pref("security.ssl.enable_ocsp_stapling", false);

In nsNSSComponent.cpp, we should also change this, right?:

- #define OCSP_STAPLING_ENABLED_DEFAULT true
+ #define OCSP_STAPLING_ENABLED_DEFAULT false
Good catch, Brian. Here's the updated patch.
Attachment #820625 - Attachment is obsolete: true
Attachment #820717 - Flags: review+
https://hg.mozilla.org/releases/mozilla-release/rev/8a2925c6b567

https://hg.mozilla.org/releases/mozilla-beta/rev/8fb39b8fb2a7
https://hg.mozilla.org/releases/mozilla-beta/rev/b1aa52690126
(I backed out the incorrect patch)

It looks like the builds got kicked off for release, but we'll have to manually start them for beta again.
We tested the FF 25b11 as specified here: https://wiki.mozilla.org/Releases/Firefox_25/Test_Plan#Regression_Testing_10 

This issue is no longer reproducible having security.ssl.enable_ocsp_stapling pref disabled.
Thanks Mihai, we won't call this verified until testing is repeated in 25rc2 just to be safe.
Verified fixed based on 25.0b11 and 25.0rc2 testing:
https://wiki.mozilla.org/Releases/Firefox_25/Test_Plan
status-firefox25: fixedverified
Alice, can you please confirm this is working for you now across all branches and if so please mark this bug verified fixed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
I can confirm that the problrm was fixed in Nightly27.0a1, Aurora26.0a2 and Firefox25.0b11.

http://hg.mozilla.org/mozilla-central/rev/19fd3388c372
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0 ID:20131024030204
http://hg.mozilla.org/releases/mozilla-aurora/rev/ed279034d066
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 ID:20131024004004
http://hg.mozilla.org/releases/mozilla-beta/rev/e55593a833c9
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 ID:20131022211721
Status: RESOLVED → VERIFIED
status-firefox26: --- → verified
status-firefox27: --- → verified
Alice - did you test with the instructions at https://wiki.mozilla.org/Releases/Firefox_25/Test_Plan (the important part is setting the system clock forward 1 week)? The patch disabling ocsp stapling was only uplifted to 25.
Flags: needinfo?(alice0775)
(In reply to David Keeler (:keeler) from comment #19)
> Alice - did you test with the instructions at
> https://wiki.mozilla.org/Releases/Firefox_25/Test_Plan (the important part
> is setting the system clock forward 1 week)? The patch disabling ocsp
> stapling was only uplifted to 25.

No.
Flags: needinfo?(alice0775)
Umm, I cannot also reproduce the problem in the BAD build

Probably,
https://www.tumblr.com/ site was modified by themselves.
Target Milestone: --- → mozilla27
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: