Bug#574635: xulrunner: cannot connect through a Bluecoat proxy with REDIRECT authentication

Mike Hommey mh at glandium.org
Fri Mar 19 16:36:02 UTC 2010


On Fri, Mar 19, 2010 at 04:11:49PM +0100, Josselin Mouette wrote:
> Package: xulrunner-1.9.1
> Version: 1.9.1.8-4
> 
> Hi,
> 
> Xulrunner-based browsers fail to connect through some proxies with very
> peculiar settings.
> 
> This happens since the fix for the following bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2009-1836
> 
> As comment #75 of said bug explains, it breaks the behavior of some
> (arguably broken) proxies. When you issue a CONNECT command, they will
> reply with a REDIRECT to a page that does the authentication.
> 
> The patch introduced at that moment breaks this kind of authentication.
> https://bug479880.bugzilla.mozilla.org/attachment.cgi?id=373419
> 
> 
> Currently, the only way to get this to work is to rebuild xulrunner with
> this patch reverted. Given the way the patch works, I wonder whether it
> would be possible instead to create a new configuration setting, that
> would disable this security fence.
> 
> Do you think this would be a worthwhile addition?
> 
> I haven’t found an upstream bug report about this issue, so I can
> forward the request up there directly if you need. 

Normally this was fixed in 1.9.1 and 1.9.0.16. The upstream bug is
https://bugzilla.mozilla.org/show_bug.cgi?id=491818 and the current code
for the nsHttpChannel::ProcessFailedSSLConnect in both the version in
lenny and the one in testing would fail to reverse the patch you are
linking, because the code changed. What version did you reverse the
patch on, exactly?

Mike




