Red Hat Bugzilla – Bug 167667
firefox does not use proxy for OCSP
Last modified: 2008-01-15 09:39:04 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6 Description of problem: In firefox I had set "Use OCSP to validate only certificates that specify an OCSP service URL" but at the same time I use a (manually configurated) proxy to reach internet. https://bugzilla.redhat.com/ specifies an OCSP service URL, which is 12.166.243.30:80 but firefox tried to reach it directly and NOT through the proxy! Indeed if in firefox I digit http://12.166.243.30 I get to the OCSP responder thorugh the proxy, but if I try https://bugzilla.redhat.com/ the firewall stops the direct connection. Thus to file this report I had to set "Do not use OCSP for certificate validation" Version-Release number of selected component (if applicable): firefox-1.0.6-1.1.fc4 How reproducible: Always Steps to Reproduce: 1. set "Use OCSP to validate only certificates that specify an OCSP service URL" 2. use a proxy manually configured 3. Actual Results: gives an error in loading the pages because it is trying to reach the OCSP responder directly and not via the proxy and the firewall does not allow the connection Expected Results: get to the OCSP responder Additional info:
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks.
I've tried on fc6 with ocsp to access https://www.pcisecuritystandards.org/, gave error -5990 and firewall rejected direct connections to 12.166.243.30 which is an ocsp responder as far as i can see > rpm -q firefox firefox-1.5.0.9-1.fc6
Kai, thoughts here?
The "OCSP via proxy" feature has been implemented in Firefox 2.0 see https://bugzilla.mozilla.org/show_bug.cgi?id=111384 It does not work in FC6, because it still uses Firefox 1.5
Fedora Core 6 is no longer supported, could you please reproduce this with the updated version of the currently supported distribution (Fedora 7, 8, or Rawhide)? If this issue turns out to still be reproducible, please let us know in this bug report. If after a month's time we have not heard back from you, we will have to close this bug as CANTFIX. Setting status to NEEDINFO, and awaiting information from the reporter. [This is mass-filed message to all open Fedora Core 6 bugs related to Xorg or Gecko. If you see any other reason, why this bug shouldn't be closed, please, comment on it here.]
Since there are insufficient details provided in this report for us to investigate the issue further, and we have not received feedback to the information we have requested above, we will assume the problem was not reproducible, or has been fixed in one of the updates we have released for the reporter's distribution. Users who have experienced this problem are encouraged to upgrade to the latest update of their distribution, and if this issue turns out to still be reproducible in the latest update, please reopen this bug with additional information. Closing as INSUFFICIENT_DATA. {This is mass-closing of all obsolete bugs; if this bug was in your opinion closed by mistake, please, reopen it with additional information; thanks a lot and I am sorry for bothering you in such case.}