Closed
Bug 1069317
Opened 11 years ago
Closed 11 years ago
about:neterror does not display with e10s enabled for cert pin violations
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| e10s | m4+ | --- |
People
(Reporter: mgoodwin, Assigned: jimm)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
23.13 KB,
image/png
|
Details |
badaddress.png
about:neterror fails to display with e10s.
str:
1) enable e10s
2) cause some condition that will result in about:neterror displaying (e.g. cause a pinning violation by visiting https://google.com/ via a tool like OWASP ZAP with the proxy's root installed)
3) Observe a blank page in place of the neterror page
tracking-e10s:
--- → ?
|
Assignee | |
Updated•11 years ago
|
Assignee: nobody → jmathies
|
|
Assignee | |
Comment 1•11 years ago
|
||
Hmm, not able to reproduce using a simple bad address.
|
|
Assignee | |
Comment 2•11 years ago
|
||
Maybe I'm not testing the right scenario here.. Mark, are you still able to reproduce, and are you sure what you're seeing isn't a result of your test config?
Flags: needinfo?(mgoodwin)
|
|
Assignee | |
Comment 3•11 years ago
|
||
downed proxies look ok too.
|
Reporter | |
Comment 4•11 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #3)
> downed proxies look ok too.
I was testing with certificate pin errors; I'll try to repro again in a bit
Flags: needinfo?(mgoodwin)
|
|
Assignee | |
Comment 5•11 years ago
|
||
I tried an invalid cert as well here - different about page though.
https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html
|
|
Reporter | |
Comment 6•11 years ago
|
||
OK, I am still able to reproduce. Here are the steps:
1) Create some enviroment in which it's possible to get a pin violation from an otherwise OK chain: e.g.
a) Install a man in the middle proxy (e.g. OWASP ZAP)
b) Install a local CA root (e.g. by using the ZAP dynamic SSL feature)
c) Configure your browser to use the proxy
2) Visit an URL which causes a pin violation to occur (e.g. https://www.google.com)
3) Observe about:neterror failing to display
The same STR works fine with e10s disabled.
|
|
Assignee | |
Updated•11 years ago
|
Summary: about:neterror does not display with e10s enabled → about:neterror does not display with e10s enabled for cert pin violations
|
||
Comment 7•11 years ago
|
||
You can always visit https://pinningtest.appspot.com instead of setting up your proxy.
|
|
||
Comment 8•11 years ago
|
||
See also the last few comments in bug 1053456.
|
|
Assignee | |
Comment 9•11 years ago
|
||
(In reply to [:mmc] Monica Chew (please use needinfo) from comment #7)
> You can always visit https://pinningtest.appspot.com instead of setting up
> your proxy.
sweeeet! thanks!
|
|
Assignee | |
Comment 10•11 years ago
|
||
Not much to go on except a little log output -
[JavaScript Error: "NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsISupports.QueryInterface]"]
[JavaScript Error: "NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsISupports.QueryInterface]"]
..
|
|
Assignee | |
Comment 11•11 years ago
|
||
We end up in nsDocShell::DisplayLoadError[1], where we attempt to get security info on the failed channel[2] which fails. We end up with en empty messageStr and bail.
[1] http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#4815
[2] http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#4812
|
|
Assignee | |
Comment 12•11 years ago
|
||
On the parent side in HttpChannelParent, we try to serialize security info via NS_SerializeToString, and for some reason this particular channel fails there. So we end up with an empty secInfoSerialization string.
http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/HttpChannelParent.cpp#669
|
|
Assignee | |
Comment 13•11 years ago
|
||
fixed in 10-18 nightly.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•