This is Bugzilla: the Mozilla bug system. For more information about what Bugzilla is and what it can do, see mozilla.org's bug pages.

Bugzilla Bug 106865

Blank page instead of SSL error dialog visiting https server

Bug List: (71 of 149) First Last Prev Next   Show list      Query page      Enter new bug

I'm running N6.x BuildID: 2001091703
I'm attempting to reproduce a problem reported by a user with an older
version of Mozilla.  I should be getting SSL error dialogs, (like the ones
he reported) but instead I'm getting the infamous blank page, whose 
contents are:
           <html><body></body?</html>

That blank page phenomenon is EVIL!

Here's how I reproduced it.
1. Visit http://ca.in-berlin.de/cgi-bin/rootca and download the root CA
cert, but do not check any of the trust check boxes.
2. Visit http://ca.in-berlin.de/cgi-bin/serverca and download the 
intermediate CA cert, but do not check any of the trust check boxes.3. Visit
https://me.in-berlin.de/ or https://me.in-berlin.de/asdfkjh

You should get an error message about an untrusted CA cert.
Instead, I get a blank page.

4. Then use the Certificate Manager and edit the trust flags for the 
root CA,  trusting it to issue SSL server certs.  
5. Visit https://me.in-berlin.de/ or https://me.in-berlin.de/asdfkjh

You should get an error message about some other problem with the CA cert.
Instead, I get a blank page.
I think that
A) we should never see blank pages when there are SSL problems, and 
b) if we ever DO get this page, IT SHOULD NOT BE BLANK.

I propose that the page be changed to something like this:

   <html><body>If you can see this, PSM needs more work.</body?</html>

This was taken care of by the fix to bug 97997


*** This bug has been marked as a duplicate of 97997 ***

Verified dupe.

I've got news for ya.
I downloaded the 10-22 build from sweetlou, which identifies itself as
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 
(note it says 10-19)
And I get the same blank pages from it.
So this bug is NOT fixed.

Here is an update.  I see that what's actually happening is that no new page
is being loaded at all.  It's not a new blank page being loaded.  Whatever
page was being shown before is left showing.  
So, with this bugzilla page in my window, I visit the URL cited above,
and when the throbber stops, it says "document done", and no error dialogs
appeared, but I'm still looking at the same mozilla bug page.

With the 10/26 Win98 trunk build, I get "You cannot connect because of an 
unknown SSL error (-8101)"

Using nelsonb's TLS tests, I get:
/u/junruh/tls >./tstclnt -h me.in-berlin.de -d . < stdin.txt
tstclnt: connecting to me.in-berlin.de:443 (address=213.61.118.14)
tstclnt: connect: Operation is still in progress (probably a non-blocking 
connect).
tstclnt: about to call PR_Poll for connect completion!
tstclnt: PR_Poll returned 0x02 for socket out_flags.
tstclnt: ready...
tstclnt: about to call PR_Poll !
tstclnt: PR_Poll returned!
tstclnt: PR_Poll returned 0x01 for stdin out_flags.
tstclnt: stdin read 16 bytes
tstclnt: Writing 16 bytes to server
tstclnt: about to call PR_Poll on writable socket !
tstclnt: PR_Poll returned with writable socket !
tstclnt: about to call PR_Poll on writable socket !
tstclnt: PR_Poll returned with writable socket !
tstclnt: write to SSL socket failed: Certificate type not approved for 
application.

How 'bout a dialog box saying that in PSM?

Confirmed for 2001110703 on Win98SE.

This bug is very annoying (severity should be major) because no https site can
be browsed.

rangan

Something darn similar to this is happening in release 0.9.6, though it did not
happen in 0.9.5, on Linux.  With the 095 release, I was able to do my secure
banking and shopping with no problem at all.  With 096, hitting https:// pages
do nothing at all, or load a blank page if they were to open a new window
(either by javascript or by hitting the middle mouse button).  I reported it as
bug #111323, which will likely be marked a duplicate of this one.

This bug is really annoying. In fact, it's a "showstop" bug for any HTTPS user.

Please, update the "severity" field to reflect this important fact.

Mozilla is my only browser since last summer. Excellent work, guys.

Merry Christmas and happy 2002.

Works for me. I cannot reproduce, and also haven't seen a blank page for a long 
time now.

Verified works for me.

I got some bad news for you guys, this bug is still in 0.9.9, and it's still as 
much of a showstopper. Except now I have a test case.
It involves a bad SSL server configuration, but nonetheless mozilla should 
report an error, not a blank page .

See the attached cert and key databases.
They are for the server. Run selfserver from NSS the following way :

(strange)/u/jpierre/nss/34/mozilla/dist/SunOS5.8_DBG.OBJ/bin{72} !68
./selfserv -n Server-Cert -p 2000 -m -r -r -w enterprise

Then connect with Mozilla to the machine, in this case https://strange:2000 .

Then, mozilla will display the infamous blank page !

Meanwhile, selfserv will also report an error below :
selfserv: HDX PR_Read returned error -12199:
No certificate authority is trusted for SSL client authentication.

This is normal and is expected for this invalid SSL server configuration. But 
mozilla must deal with it. This is a showstopper.

Created an attachment (id=76700)
cert database for use with selfserv

Reproduced, reopening

Created an attachment (id=76701)
key database for use with selfserv

You may want to take a look at 
http://bugzilla.mozilla.org/show_bug.cgi?id=134125
for other investigations about what led me to create this testcase .

Apparently the client side just gets an "end of file" right away from the 
misconfigured server, there is no SSL error reported. So there may also be a 
libssl bug at stake here.

Even if there is no SSL error reportd, mozilla should still report a problem 
with the site if it submits an HTTPS request and gets nothing back from the 
server. I discussed the HTTP/HTTPS aspects of this in another very similar bug, 
http://bugzilla.mozilla.org/show_bug.cgi?id=126944 .

kai