Closed Bug 794728 Opened 12 years ago Closed 10 years ago

Firefox may sometimes give the wrong error message for some expired certificates

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1045739

People

(Reporter: briansmith, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Screen shot showing "The OCSP responder refused this request as unauthorized"
(deleted), image/png
Details
See the blog post at http://unmitigatedrisk.com/?p=207. The author claims that Firefox (sometimes) shows an unhelpful error "The OCSP responder refused this request as unauthorized" because we are doing revocation checking on an expired certificate, and the OCSP responder returns an "unauthorized" response. However, when I tried it locally, I got an "expired" warning. It is possible that the problem is intermittent and/or that it happens in a non-default configuration. The author suggests that we should not even attempt to do revocation fetching for an expired certificate.
(In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) from comment #0) > The author suggests that we should not even attempt to do revocation > fetching for an expired certificate. Indeed, it doesn't make sense, in general, to do revocation checking for an expired certificate. insanity::pkix will fix this.
Depends on: mozilla::pkix
I fixed this with mozilla::pkix, and then I re-broke it again in mozilla::pkix. Now it is a dupe of that bug.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: