2001122106 When the "Only for certificates that specify an OCSP address" option is turned on this error can occur: You cannot connect to lc3.law13.hotmail.passport.com because of an unknown SSL error (-8061) This is rather cryptic and doesn't mean much to joe average. I'm marking this as major as this error can block Hotmail and sourceforge. A better error message along these lines would be better: An error has occured validating <site name> certificate. If you wish to go on regardless, click ok. You can turn certificate checking of in "Preferenced - Privacy & security - Validation - Never use OCSP for certificate validation"
*** Bug 117397 has been marked as a duplicate of this bug. ***
Confirming; this is a problem. Setting OS and platform to "All".
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 98 → All
Hardware: PC → All
I have a first-pass attempt at a fix for this. It only informs the user what is wrong, and they can turn of OCSP via preferences; it doesn't give an option to go ahead anyways. Nominating this for Mozilla1.0
Keywords: mozilla1.0, patch, review
Created attachment 63942 [details] [diff] [review] First attempt at a fix to give more informative user messages for OCSP errors. Only gives user some info on what the problem is, and how to deactivate OCSP via preferences.
Thank you for the bug report and the suggested fix. I am reassigning the bug to the owner of the code (PSM) for their review.
Assignee: wtc → ssaux
Component: Libraries → Daemon
Product: NSS → PSM
QA Contact: sonja.mirtitsch → junruh
rangan, please see whether your Unknown SSL Error patch cover all of these. If it does, please dup this bug.
Assignee: ssaux → rangansen
Priority: -- → P1
Target Milestone: --- → 2.2
bug#107491 handles these case,s plus others, excluding OCSPNotEnabled and OCSPNoDefaultResponder. OCSPNotEnabled would not occur in an ssl connection attempt, because unless it is enabled, a ocsp validation is not atempted. OCSPNoDefaultResponder would not occur unless we have a bug in PSM - but still might be a good idea to handle this...
Marking dup. Shall ensure OCSPNoDefaultResponder case goes in .. *** This bug has been marked as a duplicate of 107491 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.