OCSP error - date is in the future



14 years ago
14 years ago


(Reporter: Wild Willy Kredentser, Assigned: Wan-Teh Chang)


Firefox Tracking Flags

(Not tracked)





14 years ago
User-Agent:       Mozilla/5.0 (OS/2; U; Warp 4; en-US; rv:1.5) Gecko/20031017
Build Identifier: Mozilla/5.0 (OS/2; U; Warp 4; en-US; rv:1.5) Gecko/20031017

The 2 sites I cite use Verisign for encryption & security.  I'm getting an error
popup dialog box saying OCSP validation failed because a date was in the future.

This problem does not occur with Mozilla 1.4.1.  (And you don't suck by a long
shot.  <:-)) )

Reproducible: Always

Steps to Reproduce:
1. Just try to surf to https://www.accountonline.com/View?docId=Index&siteId=AC


1. Surf to http://www.providentbank.com/
2.Click the "Online Banking" link in the navigation boz on the left.

Actual Results:  
Alert box.  Text reads:

Error trying to validate certificate from <site> using OCSP - response contains
a date which is in the future.

Expected Results:  
It should have proceeded to a secure page on which I enter my user ID & password.

I'm not sure if this really is a security problem that must be kept confidential
because it occurs BEFORE I get a chance to enter the confidential stuff.  But
I'm checking the box anyway because I'd rather err on the side of caution.

Comment 1

14 years ago
I was checking to see if any progress had been made on this one & I wanted to
see if I was alone.  I have discovered several other reported bugs that look
like duplicates of this one.  (So I suppose I should apologize for adding to the
load.)  They are 220740, 224593, & 188986.  A couple of them also show they are
running OS/2, like me.  But one of them is running Windows.

I also found the advice to set my system clock forward.  I tried putting it
forward a couple of minutes, and even a whole hour.  Makes no difference.

Comment 2

14 years ago
Sorry.  I forgot to add that this bug persists with the 1.6 Alpha.  I got this
build specifically to see if the bug had been fixed.  It has not.  However, 1.6a
seems to work fine otherwise so I'm continuing to use it.  I have kept a
separate directory structure of 1.4.1 for the sole purpose of being able to do
my online credit card & banking transactions.  I'd sure like to save that disk
space . . .

Comment 3

14 years ago
I made this a security sensitive Bug when I created it but I realize now I was
being overly cautious.  I don't mind if you remove that restriction.  I don't
seem to be able to do that myself.
-> NSS
Component: Security: General → Libraries
Product: Browser → NSS
Version: Trunk → unspecified
Reassign for real...
Assignee: security-bugs → wchang0222
QA Contact: bishakhabanerjee

Comment 6

14 years ago
Did you notice Bug 157555?

Comment 7

14 years ago
And Bug 220740?
This is a dup of a bug that is not-security sensitive.

*** This bug has been marked as a duplicate of 188986 ***
Group: security
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
my mistake, dup'ed wrong bug.
Resolution: DUPLICATE → ---
Wild Willy, there was a known problem in OS/2 that affected this.
Although you didn't state, above that you use OS/2, it appears from your 
comments in other bugs that you do use OS/2, so This is a dup of 220740

*** This bug has been marked as a duplicate of 220740 ***
Last Resolved: 14 years ago14 years ago
OS: other → OS/2
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.