Re: Firefox 131 failing all https connections

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Arthur Chance <freebsd_at_qeng-ho.org>
Date: Thu, 10 Oct 2024 16:30:46 UTC
On 10/10/2024 15:22, Paul Procacci wrote:
> 
> 
> On Thu, Oct 10, 2024 at 11:59 AM Arthur Chance <freebsd@qeng-ho.org
> <mailto:freebsd@qeng-ho.org>> wrote:
> 
>     I've just upgraded to Firefox 131 (131.0_1,2 to be precise) and I can
>     only access http pages and any attempt to fetch an https page fails with
>     an empty page. The web developer tools simply show the unhelpful
>     NS_ERROR_FAILURE for the fetch.
> 
>     With the previous version (FF 129) everything worked correctly. I have
>     the ca_root_nss pkg installed, but asking FF 131 about root certificates
>     shows many expired ones so I suspect it's somehow failing to pick up the
>     certificates from the pkg.
> 
>     Any suggestions where I go from here?
> 
> 
>     Current OS:
> 
>     > uname -a
>     FreeBSD arthur.home.qeng-ho.org <http://arthur.home.qeng-ho.org>
>     13.3-RELEASE-p7 FreeBSD 13.3-RELEASE-p7
>     GENERIC amd64
> 
>     Firefox build options from poudriere:
> 
>     ===> The following configuration options are available for
>     firefox-131.0_1,2:
>          CANBERRA=off: Sound theme alerts
>          DBUS=on: D-Bus IPC system support
>          DEBUG=off: Build with debugging support
>          FFMPEG=on: FFmpeg support (WMA, AIFF, AC3, APE...)
>          LIBPROXY=off: Proxy support via libproxy
>          LTO=off: Use Link-Time Optimization
>          OPTIMIZED_CFLAGS=on: Use extra compiler optimizations
>          PROFILE=off: Build with profiling support
>          TEST=off: Build and/or run tests
>     ====> Extra cubeb audio backends (OSS is always available)
>          ALSA=off: ALSA audio architecture support
>          JACK=off: JACK audio server support
>          PULSEAUDIO=off: PulseAudio sound server support
>          SNDIO=off: Sndio audio support
> 
> 
>     -- 
>     Although not designed for computation, PIO is quite likely Turing
>     complete, provided a long enough piece of tape can be found. It is
>     conjectured that it could run DOOM, given a sufficiently high clock
>     speed.  — The Raspberry Pi Pico datasheet on its PIO capability.
> 
> 
> Two things come to mind.
> 
> 1) Is the date/time correct on your machine?

chronyc tells me this machine is 19 microseconds slow from the correct
time. Close enough. :-)

> 2) Do you have the latest nss package installed?

arthur@arthur[4]▶ pkg info -x ca_root
ca_root_nss-3.104

> 
> When this happens to me, granted not very often, it's usually because my
> date/time wasn't synced.



-- 
Although not designed for computation, PIO is quite likely Turing
complete, provided a long enough piece of tape can be found. It is
conjectured that it could run DOOM, given a sufficiently high clock
speed.  — The Raspberry Pi Pico datasheet on its PIO capability.