Closed
Bug 1069317
Opened 10 years ago
Closed 10 years ago
about:neterror does not display with e10s enabled for cert pin violations
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
e10s | m4+ | --- |
People
(Reporter: mgoodwin, Assigned: jimm)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
(deleted),
image/png
|
Details |
about:neterror fails to display with e10s. str: 1) enable e10s 2) cause some condition that will result in about:neterror displaying (e.g. cause a pinning violation by visiting https://google.com/ via a tool like OWASP ZAP with the proxy's root installed) 3) Observe a blank page in place of the neterror page
tracking-e10s:
--- → ?
![]() |
Assignee | |
Updated•10 years ago
|
Assignee: nobody → jmathies
![]() |
Assignee | |
Comment 1•10 years ago
|
||
Hmm, not able to reproduce using a simple bad address.
![]() |
Assignee | |
Comment 2•10 years ago
|
||
Maybe I'm not testing the right scenario here.. Mark, are you still able to reproduce, and are you sure what you're seeing isn't a result of your test config?
Flags: needinfo?(mgoodwin)
![]() |
Assignee | |
Comment 3•10 years ago
|
||
downed proxies look ok too.
Reporter | ||
Comment 4•10 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #3) > downed proxies look ok too. I was testing with certificate pin errors; I'll try to repro again in a bit
Flags: needinfo?(mgoodwin)
![]() |
Assignee | |
Comment 5•10 years ago
|
||
I tried an invalid cert as well here - different about page though. https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html
Reporter | ||
Comment 6•10 years ago
|
||
OK, I am still able to reproduce. Here are the steps: 1) Create some enviroment in which it's possible to get a pin violation from an otherwise OK chain: e.g. a) Install a man in the middle proxy (e.g. OWASP ZAP) b) Install a local CA root (e.g. by using the ZAP dynamic SSL feature) c) Configure your browser to use the proxy 2) Visit an URL which causes a pin violation to occur (e.g. https://www.google.com) 3) Observe about:neterror failing to display The same STR works fine with e10s disabled.
![]() |
Assignee | |
Updated•10 years ago
|
Summary: about:neterror does not display with e10s enabled → about:neterror does not display with e10s enabled for cert pin violations
Comment 7•10 years ago
|
||
You can always visit https://pinningtest.appspot.com instead of setting up your proxy.
See also the last few comments in bug 1053456.
![]() |
Assignee | |
Comment 9•10 years ago
|
||
(In reply to [:mmc] Monica Chew (please use needinfo) from comment #7) > You can always visit https://pinningtest.appspot.com instead of setting up > your proxy. sweeeet! thanks!
![]() |
Assignee | |
Comment 10•10 years ago
|
||
Not much to go on except a little log output - [JavaScript Error: "NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsISupports.QueryInterface]"] [JavaScript Error: "NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsISupports.QueryInterface]"] ..
![]() |
Assignee | |
Comment 11•10 years ago
|
||
We end up in nsDocShell::DisplayLoadError[1], where we attempt to get security info on the failed channel[2] which fails. We end up with en empty messageStr and bail. [1] http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#4815 [2] http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#4812
![]() |
Assignee | |
Comment 12•10 years ago
|
||
On the parent side in HttpChannelParent, we try to serialize security info via NS_SerializeToString, and for some reason this particular channel fails there. So we end up with an empty secInfoSerialization string. http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/HttpChannelParent.cpp#669
![]() |
Assignee | |
Comment 13•10 years ago
|
||
fixed in 10-18 nightly.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•