Closed
Bug 136459
Opened 23 years ago
Closed 23 years ago
OCSP settings cause invalid signature.
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 108250
People
(Reporter: carosendahl, Assigned: ssaux)
Details
Using the Intranet CA, signed by GTE Cybertrust Root CA, both of which have been
marked as trusted for all uses.
Change preferences->Privacy&Security->Validation "Use OCSP to validate only
certificates that specify an OCSP URL", which the Intranet CA does. I do not
know the value of the URL however. The details spit out a bunch of hex values
for the extension.
All certs then become invalid.
There is confusion for the following reasons:
1. All CA certs in the chain have been marked as trusted.
2. The viewing of the certificate details displays the following text:
"The certificate has been verified for the following uses:"
with an empty list of privileges.
3. The security info dialog in the composition window displays all certs signed
by the intranet CA as invalid.
There needs to be a better error message indicating that:
- OCSP is being used instead of trust bits (which I believe is correct to override)
- The certificate is valid, but it is valid for nothing (!)
- Errors related to interacting with OCSP services.
Invalid signature - can't sign
Invalid encryption certs - encrypt anyway
Verified for use: No entries
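The description above says the certificate viewer shows the OCSP-related extension only as hex, so the responder URL is unknown. As an added example (not part of the bug report and not Mozilla code), this Python decodes an Authority Information Access extension value from such a hex dump and returns the OCSP responder URLs. It assumes the dump is the DER of the AIA SEQUENCE itself; the sample bytes and hostnames are constructed.

```python
# Decode the DER value of an Authority Information Access (AIA) extension
# (RFC 5280, section 4.2.2.1) and list the OCSP responder URLs it carries.
OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp      1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers 1.3.6.1.5.5.7.48.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def ocsp_urls(aia_hex):
    """Extract OCSP URLs from a hex dump ('30:51:...' or '30 51 ...') of an AIA value."""
    der = bytes.fromhex(aia_hex.replace(":", " "))
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    urls, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)        # one AccessDescription
        if tag != 0x30:
            raise ValueError("expected AccessDescription SEQUENCE")
        mtag, method, p = read_tlv(desc, 0)        # accessMethod (OID)
        ltag, location, _ = read_tlv(desc, p)      # accessLocation (GeneralName)
        if mtag == 0x06 and method == OID_OCSP and ltag == 0x86:  # 0x86 = [6] URI
            urls.append(location.decode("ascii"))
    return urls

def tlv(tag, body):
    """Build a short-form DER element (body under 128 bytes); used for the sample only."""
    return bytes([tag, len(body)]) + body

# Constructed sample: one caIssuers entry and one OCSP entry (hostnames are made up).
SAMPLE_AIA = tlv(0x30,
    tlv(0x30, tlv(0x06, OID_CA_ISSUERS) + tlv(0x86, b"http://ca.example.test/ca.crt")) +
    tlv(0x30, tlv(0x06, OID_OCSP) + tlv(0x86, b"http://ocsp.example.test/")))

if __name__ == "__main__":
    print(ocsp_urls(SAMPLE_AIA.hex(":")))   # colon-separated, as a hex view would show it
```

Once the URL is known, the responder can be checked independently of the mail client, which separates a responder fault from a client fault.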
Reporter
Comment 1•23 years ago
Are we fixing OCSP for RTM? It currently fails extremely ungracefully.
See also bug 136469.
Updated•23 years ago
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Comment 2•23 years ago
This is a problem with our intranet OCSP responder, not with Mozilla.
*** This bug has been marked as a duplicate of 108250 ***