Closed Bug 1057872 Opened 6 years ago Closed 6 years ago

Mozilla::pkix verification fails with www.bandolera.com

Categories

(Tech Evangelism Graveyard :: Dutch, defect)

x86_64
Windows 7
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: ovaalst, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release)
Build ID: 20140716183446

Steps to reproduce:

I got a report on a Dutch website about a Mozilla::pkix failure with bandolera.com. I tried it myself and the bug is reproducable with FF 31 and also with the latest Nightly.


Actual results:

I got this:

Secure Connection Failed
An error occurred during a connection to www.bandolera.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.



Expected results:

I expected no failure, because the old verification does work: "security.use_mozillapkix_verification" set to false , and also for example IE.
Component: Untriaged → Security: PSM
Product: Firefox → Core
www.bandolera.com is stapling an OCSP response that expired in February. Furthermore, the signing certificate it's sending in the response expired in April. This is an evangelism issue.
Assignee: nobody → dutch
Component: Security: PSM → Dutch
Product: Core → Tech Evangelism
Version: 31 Branch → unspecified
Contacted them via the contact form on their website.
Site works now with FF 31!
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.