Closed
Bug 1007076
Opened 10 years ago
Closed 9 years ago
mozilla::pkix cannot connect to mail.aol.com and various other sites
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: iii_iii, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 (Beta/Release) Build ID: 20140506030204 Steps to reproduce: Go to https://mail.aol.com or https://my.screenname.aol.com with security.OCSP.require;true and security.use_mozillapkix_verification;true Actual results: An error occurred during a connection to mail.aol.com. The OCSP server experienced an internal error. (Error code: sec_error_ocsp_server_error) Expected results: Secure connection to aol. Switching pkix off results in secure connection to aol. The server is ocsp.verisign.com. I can see there is another bug about old certificates, but the error message here is different.
Another example: https://esta.cbp.dhs.gov/
Another example: https://ais.usvisa-info.com/en-es/niv
Updated•10 years ago
|
Component: Untriaged → Security
Product: Firefox → Core
Comment 3•10 years ago
|
||
Confirmed in 32.0a1 (2014-05-07), Win 7 x64
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Another https://www.foreverliving.com/
Comment 5•9 years ago
|
||
Is this still an issue? All of these sites work for me on Aurora 38 security.OCSP.require = true. (mozilla::pkix is the only option starting in Firefox 33, so security.use_mozillapkix_verification is meaningless past Firefox 32.)
Flags: needinfo?(iii_iii)
Comment 6•9 years ago
|
||
(In reply to Cykesiopka from comment #5) > Is this still an issue? All of these sites work for me on Aurora 38 > security.OCSP.require = true. ... on Aurora 38 with security.OCSP.require set to true.
Comment 7•9 years ago
|
||
Hi, I just wanted to give a friendly ping with regards to the ni? request from comment 5. Thanks!
I can access the sites with OCSP.require set to true, on Firefox 38. So if pkix is on by default now, then it is no longer an issue.
Flags: needinfo?(iii_iii)
Comment 9•9 years ago
|
||
(In reply to iii_iii from comment #8) > I can access the sites with OCSP.require set to true, on Firefox 38. So if > pkix is on by default now, then it is no longer an issue. As mentioned in comment 5, mozilla::pkix has been the only option since Firefox 33. Thanks for checking!
Status: NEW → RESOLVED
Closed: 9 years ago
Component: Security → Security: PSM
Resolution: --- → WORKSFORME
Summary: pkix cannot connect to mail.aol.com → mozilla::pkix cannot connect to mail.aol.com and various other sites
You need to log in
before you can comment on or make changes to this bug.
Description
•