Closed
Bug 153905
Opened 23 years ago
Closed 23 years ago
Unable to negotiate secure connection
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
People
(Reporter: mlaster, Assigned: ssaux)
References
()
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.1a) Gecko/20020610
BuildID: 2002061014
When I try to go this URL, I get the following error:
Error trying to validate certificate from www48.americanexpress.com using OSCP -
unauthorized request.
I can securely connect fine from OmniWeb, so I know the server isn't misconfigured.
Reproducible: Always
Steps to Reproduce:
1. Go to URL
Actual Results: Error message: Error trying to validate certificate from
www48.americanexpress.com using OSCP - unauthorized request.
Expected Results: It should have negotiated a secure session and returned the page.
-> PSM.
Assignee: new-network-bugs → ssaux
Component: Networking → Client Library
Product: Browser → PSM
QA Contact: benc → junruh
Version: other → 1.01
|
||
Comment 2•23 years ago
|
||
The workaround is to turn off OCSP, which is off by default.
Edit>Prefs>Privacy>Validation>Do not use OCSP.
Priority: -- → P3
Version: 1.01 → 2.3
Mike, when I access the URL, I'm redirected to
[http://www.americanexpress.com/homepage/mt_personal.shtml]. What other steps
did you take to get to that point?
|
|
Reporter | |
Comment 4•23 years ago
|
||
Strange...there are no additional steps for me. Let's try backing up one page.
Start at: http://www.americanexpress.com/homepage/personal.shtml
And then click on the "Login in to check & pay your bill online" link. That is the original
URL I posted, and the one that is giving me trouble.
Confirmed using FizzillaCFM/2002061014, with OCSP set to "Use OSCP to validate
only certificates that specify an OCSP service URL." Reducing Severity to minor
since the workaround is as specified in Comment #2.
Severity: normal → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Comment 6•23 years ago
|
||
Looks like a dupe of bug 151271.
|
|
Assignee | |
Comment 7•23 years ago
|
||
NSS landed the code to properly recognize the "unauthorized" error from the OCSP
responder. The error still prevents the user from connecting to the site, but
that's the correct behavior. We've talked to Verisign about this and they agreed
that they sometime improperly return an "unauthorized" response because of a
server side misconfiguration.
Reporter please try a recent branch build.
|
|
Reporter | |
Comment 8•23 years ago
|
||
The problem is still there on build 2002062408. I can work around this problem
by disabling OCSP entirely. This workaround is good enough for my use. I just
wanted to report the problem so that it is brought to someone's attention. If
it's actually a server misconfiguration, maybe it would be useful for the error
message to explain the situation with enough detail that it can be forewarded to
the webmaster of the offending site in hopes of getting the problem fixed.
|
|
||
Comment 9•23 years ago
|
||
Marking works for me.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
|
||
Updated•9 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•