Bug 167667 - firefox does not use proxy for OCSP
firefox does not use proxy for OCSP
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
Depends On:
  Show dependency treegraph
Reported: 2005-09-06 15:23 EDT by Andrea Pasquinucci
Modified: 2008-01-15 09:39 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-15 09:39:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrea Pasquinucci 2005-09-06 15:23:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
In firefox I had set "Use OCSP to validate only certificates that specify an OCSP service URL" but at the same time I use a (manually configurated) proxy to reach internet. https://bugzilla.redhat.com/ specifies an OCSP service
URL, which is but firefox tried to reach it directly and NOT
through the proxy! Indeed if in firefox I digit I get to
the OCSP responder thorugh the proxy, but if I try https://bugzilla.redhat.com/
the firewall stops the direct connection. Thus to file this report I had to set "Do not use OCSP for certificate validation" 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. set "Use OCSP to validate only certificates that specify an OCSP service URL"
2. use a proxy manually configured

Actual Results:  gives an error in loading the pages because it is trying to reach the OCSP responder directly and not via the proxy and the firewall does not allow the connection

Expected Results:  get to the OCSP responder

Additional info:
Comment 1 Christian Iseli 2007-01-22 05:05:39 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Comment 2 Andrea Pasquinucci 2007-01-22 10:56:18 EST
I've tried on fc6 with ocsp to access https://www.pcisecuritystandards.org/,
gave error -5990 and firewall rejected direct connections to which
is an ocsp responder as far as i can see

> rpm -q firefox
Comment 3 Christopher Aillon 2007-01-29 12:46:24 EST
Kai, thoughts here?
Comment 4 Kai Engert (:kaie) 2007-01-29 13:46:56 EST
The "OCSP via proxy" feature has been implemented in Firefox 2.0

see https://bugzilla.mozilla.org/show_bug.cgi?id=111384

It does not work in FC6, because it still uses Firefox 1.5
Comment 5 Matěj Cepl 2007-12-10 04:23:54 EST
Fedora Core 6 is no longer supported, could you please reproduce this with the
updated version of the currently supported distribution (Fedora 7, 8, or
Rawhide)? If this issue turns out to still be reproducible, please let us know
in this bug report. If after a month's time we have not heard back from you, we
will have to close this bug as CANTFIX.

Setting status to NEEDINFO, and awaiting information from the reporter.

[This is mass-filed message to all open Fedora Core 6 bugs related to Xorg or
Gecko. If you see any other reason, why this bug shouldn't be closed, please,
comment on it here.]
Comment 6 Matěj Cepl 2008-01-15 09:39:04 EST
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional


{This is mass-closing of all obsolete bugs; if this bug was in your opinion
closed by mistake, please, reopen it with additional information; thanks a lot
and I am sorry for bothering you in such case.}

Note You need to log in before you can comment on or make changes to this bug.