Closed Bug 1331117 Opened 7 years ago Closed 7 years ago

Can't view certificate information with OCSP Must-Staple errors present

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 943937

People

(Reporter: strugee, Unassigned)

References

Details

STR:

1. Visit a site that has presents a certificate with OCSP Must-Staple, but that doesn't actually provide stapling information
2. Notice how Firefox presents MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, as it should
3. Click the information icon at the left of the URL bar
4. Click the arrow to the right of the hostname
5. Click "More information"

At this point, the dialog should allow me to inspect the certificate, like it does if the HTTPS connection is successful or even if the cert hostname doesn't match, etc. However, instead, it doesn't show any certificate information at all. AFAICT the dialog is the exact same as it would be if it were served over HTTP. This is problematic since I'd like to examine the cert my server is sending to make sure it's the one I expect, but can't.

If you want a nice example of this, go bug the Chromium folks: https://github.com/chromium/badssl.com/pull/115

I'm on Mac OS X 10.11.6 (El Capitan) and Firefox Nightly built Jan. 12, 2017.
Thanks for filing this. We're already tracking the issue of not providing enough diagnostic information in these cases in bug 943937.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Ah, sorry for the duplicate! I searched but didn't find that one since it's so much more general.
No worries :)
Sometimes having duplicates is a good indication that we should increase the prioritization of a bug (which I think is the case here).
You need to log in before you can comment on or make changes to this bug.