Closed Bug 1057872 Opened 6 years ago Closed 6 years ago
Mozilla::pkix verification fails with www
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release) Build ID: 20140716183446 Steps to reproduce: I got a report on a Dutch website about a Mozilla::pkix failure with bandolera.com. I tried it myself and the bug is reproducable with FF 31 and also with the latest Nightly. Actual results: I got this: Secure Connection Failed An error occurred during a connection to www.bandolera.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Expected results: I expected no failure, because the old verification does work: "security.use_mozillapkix_verification" set to false , and also for example IE.
www.bandolera.com is stapling an OCSP response that expired in February. Furthermore, the signing certificate it's sending in the response expired in April. This is an evangelism issue.
Assignee: nobody → dutch
Component: Security: PSM → Dutch
Product: Core → Tech Evangelism
Version: 31 Branch → unspecified
Contacted them via the contact form on their website.
Site works now with FF 31!
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.