Closed Bug 1007076 Opened 10 years ago Closed 9 years ago

mozilla::pkix cannot connect to mail.aol.com and various other sites

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
32 Branch
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: iii_iii, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 (Beta/Release)
Build ID: 20140506030204

Steps to reproduce:

Go to https://mail.aol.com or https://my.screenname.aol.com with security.OCSP.require;true and security.use_mozillapkix_verification;true



Actual results:

An error occurred during a connection to mail.aol.com. The OCSP server experienced an internal error. (Error code: sec_error_ocsp_server_error) 


Expected results:

Secure connection to aol. Switching pkix off results in secure connection to aol.

The server is ocsp.verisign.com. I can see there is another bug about old certificates, but the error message here is different.
URL: https://mail.aol.com/
Another example:

https://esta.cbp.dhs.gov/
Another example:

https://ais.usvisa-info.com/en-es/niv
Component: Untriaged → Security
Product: Firefox → Core
Confirmed in 32.0a1 (2014-05-07), Win 7 x64
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Another

https://www.foreverliving.com/
Is this still an issue? All of these sites work for me on Aurora 38 security.OCSP.require = true.
(mozilla::pkix is the only option starting in Firefox 33, so security.use_mozillapkix_verification is meaningless past Firefox 32.)
Flags: needinfo?(iii_iii)
(In reply to Cykesiopka from comment #5)
> Is this still an issue? All of these sites work for me on Aurora 38
> security.OCSP.require = true.

... on Aurora 38 with security.OCSP.require set to true.
Hi,

I just wanted to give a friendly ping with regards to the ni? request from comment 5.

Thanks!
I can access the sites with OCSP.require set to true, on Firefox 38. So if pkix is on by default now, then it is no longer an issue.
Flags: needinfo?(iii_iii)
(In reply to iii_iii from comment #8)
> I can access the sites with OCSP.require set to true, on Firefox 38. So if
> pkix is on by default now, then it is no longer an issue.

As mentioned in comment 5, mozilla::pkix has been the only option since Firefox 33.
Thanks for checking!
Status: NEW → RESOLVED
Closed: 9 years ago
Component: Security → Security: PSM
Resolution: --- → WORKSFORME
Summary: pkix cannot connect to mail.aol.com → mozilla::pkix cannot connect to mail.aol.com and various other sites
You need to log in before you can comment on or make changes to this bug.