Closed
Bug 1007895
Opened 10 years ago
Closed 10 years ago
With security.OCSP.require=true, some sites display error: sec_error_ocsp_bad_signature
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: mwobensmith, Unassigned)
References
Details
With this preference set to true, these sites display this error. https://www.hrd.gov.tw/ https://iocs.mocs.gov.tw/ We should investigate to make sure we are correctly verifying the signature.
Those sites now work for me - maybe it was a server issue they fixed on their own?
Reporter | ||
Comment 2•10 years ago
|
||
I re-tested and I'm getting different behavior than I observed on 2014-05-07, Fx31. The first site displays the error sec_error_ocsp_try_server_later, but loads on refresh. The second site is blocked with an SSL error indicating sec_error_unknown_issuer, but also loads on refresh. I can also reproduce the same behavior on Fx29, default OCSP prefs.
These sites work for both Camilo and me, so marking WORKSFORME for now. (I suspect the problem is an intermittent issue with their OCSP responder, which isn't something we can change.)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Comment 4•7 years ago
|
||
Getting same error on https://bitmessage.org/ "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified." - I get it, it's a security thing, thanks for the heads up I'll be careful - but take me there anyway. There really should be a way to walk past it.
If this is the same root cause, you can set security.OCSP.require = false in about:config to avoid the error.
Same issue here with member only website (https://acrem.net) that I manage, no changes to the website between last use and this error. security.OCSP.require already false, changing .OCSP.enabled to 0 also made no difference. Chrome works on website no probs.
All these pages uses StartCom Ltd. SSL certificates. My web pages using certificates of StartCom show the same error when connecting. Is this a configuration problem of StartCom (https://www.startssl.com/)?
Comment 8•7 years ago
|
||
(In reply to oli-ver from comment #7) > All these pages uses StartCom Ltd. SSL certificates. My web pages using > certificates of StartCom show the same error when connecting. Is this a > configuration problem of StartCom (https://www.startssl.com/)? Looks like that's it: https://github.com/Bitmessage/PyBitmessage/issues/921#issuecomment-264443499
The support chat of StartCom just confirmed it. They are currently working on this issue.
Comment 10•7 years ago
|
||
My websites are not accessible anymore. Before, I had this error randomly. Refreshing the page eventually worked, but today it is not working at all: https://www.forumanalogue.fr/ Any chance it will be fixed soon? :)
You need to log in
before you can comment on or make changes to this bug.
Description
•