Control: severity -1 important
Control: retitle -1 firefox: connection failure to most https websites with 
https proxy auto-config and security.OCSP.require set to true

I've found the cause. To reproduce the problem:

1. Start Firefox with a new profile (via "firefox -P").

2. In Preferences → General → Network Settings, set
   "Automatic proxy configuration URL" and enter
   https://istpac.inria.fr/pac/roc.pac

3. In about:config, toggle security.OCSP.require to true.

4. Quit Firefox.

5. Start firefox with the same profile.

6. Open the URL https://www.google.com/

This yields a connection failure with the SEC_ERROR_OCSP_SERVER_ERROR
error.

If I download https://istpac.inria.fr/pac/roc.pac and use the local
version (with a "file:" URL) instead of the https URL, and restart
Firefox, then everything works fine!

Note: This .pac file contains a FindProxyForURL function that returns
a proxy for some particular domains (not including google.com), and
this proxy requires an authentication. But with the above test, the
function should always return "DIRECT". And indeed, its use as a
"file:" URL shows that everything is OK.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply via email to