214146 – firefox cannot connect to some https sites from behind firewall

Bug 214146 - firefox cannot connect to some https sites from behind firewall

Summary: firefox cannot connect to some https sites from behind firewall

Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	6
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-06 08:07 UTC by Tomasz Kepczynski
Modified:	2018-04-11 11:13 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2008-01-15 14:40:39 UTC
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Tomasz Kepczynski 2006-11-06 08:07:36 UTC

Description of problem:
I cannot access the following sites when OCSP is turned on for
certificate validation:
https://login.vwbankdirect.pl
https://www.r-bank.pl
Firefox reports error -5990 and says it cannot start encrypted connection.
As far as I know mozilla didn't have this problem.
Now the really important part seems to be firewall and proxy. I have the
following automatic proxy config:
function FindProxyForURL(url, host)
{
  return("PROXY proxy.xxx.xxx.com:911");
}
but browser seems to go directly and obviously fails (I can see
SYN_SENT line in netstat -t going outside the firewall to
12.166.243.30:http for both of the above sites).
I can access both of the sites from another machine where both
sites are available directly.
As a workaround I can disable OCSP.

Version-Release number of selected component (if applicable):
firefox-1.5.0.7-8.fc6.i386

How reproducible:
Always

Actual results:
Firefox does not connect to a site.

Expected results:
Firefox connects to a site.

Additional info:
See also bug 192977. This bug is not fixed by the update as
described there, it is only masked by default setting (OCSP
is off by default).

Comment 1 Matěj Cepl 2007-12-10 09:25:17 UTC

Fedora Core 6 is no longer supported, could you please reproduce this with the
updated version of the currently supported distribution (Fedora 7, 8, or
Rawhide)? If this issue turns out to still be reproducible, please let us know
in this bug report. If after a month's time we have not heard back from you, we
will have to close this bug as CANTFIX.

Setting status to NEEDINFO, and awaiting information from the reporter.

[This is mass-filed message to all open Fedora Core 6 bugs related to Xorg or
Gecko. If you see any other reason, why this bug shouldn't be closed, please,
comment on it here.]

Comment 2 Tomasz Kepczynski 2007-12-10 11:51:15 UTC

As of Fedora 8 and firefox-2.0.0.10-2.fc8.x86_64 this bug seems
to be fixed.

Comment 3 Matěj Cepl 2008-01-15 14:40:39 UTC

Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
information.

Closing as INSUFFICIENT_DATA.

{This is mass-closing of all obsolete bugs; if this bug was in your opinion
closed by mistake, please, reopen it with additional information; thanks a lot
and I am sorry for bothering you in such case.}

Note You need to log in before you can comment on or make changes to this bug.