Bugzilla version 2.15
This is Bugzilla: the Mozilla bug system. For more
information about
what Bugzilla is and what it can do, see
mozilla.org's
bug pages.
Blank page instead of SSL error dialog visiting https server
I'm running N6.x BuildID: 2001091703
I'm attempting to reproduce a problem reported by a user with an older
version of Mozilla. I should be getting SSL error dialogs (like the ones
he reported), but instead I'm getting the infamous blank page, whose
contents are:
<html><body></body?</html>
That blank page phenomenon is EVIL!
Here's how I reproduced it.
1. Visit http://ca.in-berlin.de/cgi-bin/rootca and download the root CA
cert, but do not check any of the trust check boxes.
2. Visit http://ca.in-berlin.de/cgi-bin/serverca and download the
intermediate CA cert, but do not check any of the trust check boxes.
3. Visit https://me.in-berlin.de/ or https://me.in-berlin.de/asdfkjh
You should get an error message about an untrusted CA cert.
Instead, I get a blank page.
4. Then use the Certificate Manager and edit the trust flags for the
root CA, trusting it to issue SSL server certs.
5. Visit https://me.in-berlin.de/ or https://me.in-berlin.de/asdfkjh
You should get an error message about some other problem with the CA cert.
Instead, I get a blank page.
I think that
A) we should never see blank pages when there are SSL problems, and
b) if we ever DO get this page, IT SHOULD NOT BE BLANK.
I propose that the page be changed to something like this:
<html><body>If you can see this, PSM needs more work.</body?</html>
------- Additional Comment #1 From Stephane Saux 2001-10-26 08:38 -------
This was taken care of by the fix to bug 97997
*** This bug has been marked as a duplicate of 97997 ***
------- Additional Comment #2 From junruh@netscape.com 2001-10-26 10:00 -------
Verified dupe.
------- Additional Comment #3 From Nelson Bolyard 2001-10-26 11:56 -------
I've got news for ya.
I downloaded the 10-22 build from sweetlou, which identifies itself as
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2
(note it says 10-19)
And I get the same blank pages from it.
So this bug is NOT fixed.
------- Additional Comment #4 From Nelson Bolyard 2001-10-26 12:01 -------
Here is an update. I see that what's actually happening is that no new page
is being loaded at all. It's not a new blank page being loaded. Whatever
page was being shown before is left showing.
So, with this bugzilla page in my window, I visit the URL cited above,
and when the throbber stops, it says "document done", and no error dialogs
appeared, but I'm still looking at the same mozilla bug page.
------- Additional Comment #5 From junruh@netscape.com 2001-10-26 12:25 -------
With the 10/26 Win98 trunk build, I get "You cannot connect because of an
unknown SSL error (-8101)"
------- Additional Comment #6 From junruh@netscape.com 2001-10-26 12:42 -------
Using nelsonb's TLS tests, I get:
/u/junruh/tls >./tstclnt -h me.in-berlin.de -d . < stdin.txt
tstclnt: connecting to me.in-berlin.de:443 (address=213.61.118.14)
tstclnt: connect: Operation is still in progress (probably a non-blocking
connect).
tstclnt: about to call PR_Poll for connect completion!
tstclnt: PR_Poll returned 0x02 for socket out_flags.
tstclnt: ready...
tstclnt: about to call PR_Poll !
tstclnt: PR_Poll returned!
tstclnt: PR_Poll returned 0x01 for stdin out_flags.
tstclnt: stdin read 16 bytes
tstclnt: Writing 16 bytes to server
tstclnt: about to call PR_Poll on writable socket !
tstclnt: PR_Poll returned with writable socket !
tstclnt: about to call PR_Poll on writable socket !
tstclnt: PR_Poll returned with writable socket !
tstclnt: write to SSL socket failed: Certificate type not approved for
application.
------- Additional Comment #7 From Nelson Bolyard 2001-10-26 12:56 -------
How 'bout a dialog box saying that in PSM?
------- Additional Comment #8 From Xuan Baldauf 2001-11-08 03:28 -------
Confirmed for 2001110703 on Win98SE.
This bug is very annoying (severity should be major) because no https site can
be browsed.
------- Additional Comment #9 From Stephane Saux 2001-11-08 07:52 -------
rangan
------- Additional Comment #10 From Joseph Shelby 2001-11-21 15:14 -------
Something darn similar to this is happening in release 0.9.6, though it did not
happen in 0.9.5, on Linux. With the 095 release, I was able to do my secure
banking and shopping with no problem at all. With 096, hitting https:// pages
does nothing at all, or loads a blank page if they were to open a new window
(either by javascript or by hitting the middle mouse button). I reported it as
bug #111323, which will likely be marked a duplicate of this one.
------- Additional Comment #11 From Jesus Cea 2001-12-28 08:07 -------
This bug is really annoying. In fact, it's a "showstop" bug for any HTTPS user.
Please, update the "severity" field to reflect this important fact.
Mozilla is my only browser since last summer. Excellent work, guys.
Merry Christmas and happy 2002.
------- Additional Comment #12 From junruh@netscape.com 2002-03-01 12:00 -------
Works for me. I cannot reproduce, and also haven't seen a blank page for a long
time now.
------- Additional Comment #13 From junruh@netscape.com 2002-03-20 09:57 -------
Verified works for me.
------- Additional Comment #14 From Julien Pierre 2002-03-28 21:35 -------
I got some bad news for you guys, this bug is still in 0.9.9, and it's still as
much of a showstopper. Except now I have a test case.
It involves a bad SSL server configuration, but nonetheless mozilla should
report an error, not a blank page.
See the attached cert and key databases.
They are for the server. Run selfserv from NSS the following way:
(strange)/u/jpierre/nss/34/mozilla/dist/SunOS5.8_DBG.OBJ/bin{72} !68
./selfserv -n Server-Cert -p 2000 -m -r -r -w enterprise
Then connect with Mozilla to the machine, in this case https://strange:2000 .
Then, mozilla will display the infamous blank page!
Meanwhile, selfserv will also report an error below:
selfserv: HDX PR_Read returned error -12199:
No certificate authority is trusted for SSL client authentication.
This is normal and is expected for this invalid SSL server configuration. But
mozilla must deal with it. This is a showstopper.
------- Additional Comment #15 From Julien Pierre 2002-03-28 21:36 -------
Created an attachment (id=76700)
cert database for use with selfserv
------- Additional Comment #16 From Julien Pierre 2002-03-28 21:37 -------
Reproduced, reopening
------- Additional Comment #17 From Julien Pierre 2002-03-28 21:38 -------
Created an attachment (id=76701)
key database for use with selfserv
------- Additional Comment #18 From Julien Pierre 2002-03-28 21:48 -------
You may want to take a look at
http://bugzilla.mozilla.org/show_bug.cgi?id=134125
for other investigations about what led me to create this testcase.
Apparently the client side just gets an "end of file" right away from the
misconfigured server, there is no SSL error reported. So there may also be a
libssl bug at stake here.
Even if there is no SSL error reported, mozilla should still report a problem
with the site if it submits an HTTPS request and gets nothing back from the
server. I discussed the HTTP/HTTPS aspects of this in another very similar bug,
http://bugzilla.mozilla.org/show_bug.cgi?id=126944 .
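
Editor's added example (not part of any comment above, and not Mozilla, PSM or NSS code): a small Python client that applies the behaviour requested in comment #18, where every failed HTTPS load, including a bare end-of-file with no SSL error code, yields a non-empty user-visible message. The names LoadResult, classify, fetch, eof_server and demo are hypothetical, and the local server is a constructed stand-in for the misconfigured one.

```python
import socket
import ssl
import threading
from dataclasses import dataclass

@dataclass
class LoadResult:
    kind: str     # "ok", "cert-untrusted", "no-response" or "tls-error"
    message: str  # text shown to the user; never empty on failure

def classify(exc):
    """Map a connection failure to something the user is told about."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return LoadResult("cert-untrusted", f"Server certificate is not trusted: {exc}")
    if isinstance(exc, (ssl.SSLEOFError, ConnectionError, socket.timeout)):
        # The case from comment #18: the peer just goes away, no SSL alert.
        return LoadResult("no-response", f"Server closed the connection without answering: {exc!r}")
    if isinstance(exc, ssl.SSLError):
        return LoadResult("tls-error", f"TLS handshake failed: {exc}")
    return LoadResult("no-response", f"Connection failed: {exc!r}")

def fetch(host, port, ctx, timeout=5.0):
    """Request / over TLS; never return a silent empty result."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
                body = tls.recv(4096)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return classify(exc)
    if not body:
        return LoadResult("no-response", "Server completed TLS but sent no HTTP response.")
    return LoadResult("ok", body.decode("latin-1"))

def eof_server():
    """Constructed peer: accept one TCP connection and close it at once."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def run():
        conn, _ = srv.accept()
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return port

def demo():
    return fetch("127.0.0.1", eof_server(), ssl.create_default_context())

if __name__ == "__main__":
    print(demo())
```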
------- Additional Comment #19 From Stephane Saux 2002-04-22 19:36 -------
kai