Closed Bug 230305 Opened 22 years ago Closed 19 years ago

Error Trying to Validate Certificate Using OCSP - Directory Lookup Error

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
Other Branch
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: RWhitehouse2, Unassigned)

References

(
URL
)

Details

(Whiteboard: [kerh-noi])

User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6b) Gecko/20031208 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6b) Gecko/20031208 Trying to download latest release of J2SE (V1.4.2_03) from Java web site and get the error message specified in "Actual Results" section when I click the "download" link for J2SE V1.4.2_03 SDK on the "Download Java 2 Platform, ..." page. Reproducible: Always Steps to Reproduce: 1. Go to http://java.sun.com/j2se/1.4.2/download.html 2. Scroll down to the "Download J2SE V1.4.2_03" section. 3. Click the "download" link in the SDK column of the first row (32-bit/64-bit for Windows/Linux/Solaris SPARC 32-bit for Solaris x86). Actual Results: Error dialog appears with the following message: Error trying to validate certificate from jsecom16.sun.com using OCSP - directory lookup error. Expected Results: Next page displays in which user accepts or declines license agreement. I am using the Sky Pilot Classic Trunk theme, but is also occurs with the default theme. I have successfully downloaded previous versions of the SDK from this site previously using an earlier version of Mozilla.
I am experiencing the same problem. Experienced it earlier on Moz1.6 with the J2EE download, and also on this link: https://www.sun.com/corp_emp/zone/build.cgi It gives error: "Error trying to validate certificate from www.sun.com using OSCP - directory lookup error" Always reproduceable. Experienced on 1.6final win32 and the 20040127 nightly.
*** Bug 241016 has been marked as a duplicate of this bug. ***
I think I get this error intermittently checking for mail with comcast also.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Sorry folks, this is not a bug in mozilla. This is proper mozilla behavior. The problem is that the certificate for these sun http web sites gives the following URL for its OCSP server: http://va.central.sun.com and DNS directory lookups on that host name fail. Try it for yourself. Do this: nslookup va.central.sun.com or ping va.central.sun.com So, the "bug" here is that sun is using certs on their public https servers that refer to an OCSP server that sun has not listed in their public DNS server. You should contact Sun about their error. We can either mark this bug invalid, or turn it into a bug about the text of the error message. "DNS lookup error" would be more clear, IMO than "directory lookup error". Question to the submittor and other commenters in this bug: Would "DNS lookup error" have made the problem any more clear to you? If not, suggest another phrase that would.
I would like the option of being abloe to ignore the warning and still download the software! Why does Mozilla just quit?
Nelson, va.central.csun.com is an internal site. I don't know the contact person to get this fixed on the public site. James, You could disable OCSP checking and that should allow you to download the software.
I could disable OSCP, but then I have no checking. I think the correct action is to check and be notified if there is a problem and then be given a choice of whether to accept the site.
I am getting the same error, while trying to access gmail.google.com. Following the message, the login page loads but the box with the login fields (name/password) is empty. I tested this again with the latest nightly build with Firefox on W2K. I wonder if this has anything to do with the fact that I'm behind a company firewall? Is there any way I can find out what exactly is Firefox trying to access that can not be reached? As for the message test, I think that using DNS/OCSP are technical terms, that a regular user will not udnerstand, and the message also does not specify what exactly the user can do to rectify the error (if possible). I do not know if Mozilla/Firefox have any usability style guide but you can look at Gnome's: http://developer.gnome.org/projects/gup/hig/2.0/language-errors.html I think something like this would be better: <B>Security certificate could not be validated, so items on this page may not display/behave correctly</b> You might want to report this error to the webmaster of the site you try to visit. The error is: Certificate validation using OCSP failed - Directory Lookup Error, site address is ~whatever~ If there can be a way to allow this message to be copied to the clipboard it would be great, so that the user won't have to copy it manually. (btw this is a general comment - maybe such errors need to be accessible via Tools/View errors).
Small update: I deleted the old profile and now I don't get the message any more. Might have been some compatibility problem with an older profile. If it's possible to identify such situations and reset the profile sections that affect it without deleting the old profile it will be great.
With regards to the wording and options.... IE says "Revocation information for the security certificate for this site is not available. Do you wish to proceed?" YES / NO
Assignee: kaie → nobody
Product: PSM → Core
Whiteboard: [kerh-noi]
Using XP, an automatic update installed this afternoon, and ever since I get the message "Error trying to validate certificate from website (mypointsgames.com - login, and citibank.com - login) using OCSP - server is busy try again later." when trying to login to these sites. However, when using Internet Explorer (yuk) I am able to access them without incident.
Mark, In response to comment 11, this OCSP error had nothing to do with any windows update. I got it on Solaris too. I believe an actual OCSP server (probably Verisign) was down today.
I removed the Automatic Update 'Security Update for Windows XP (KB913580)' and as it was uninstalling it told me that Mozilla Firefox may not operate properly if I uninstall it. However, whatever damage it has done to Firefox seems to be permanent. I've reinstalled Firefox to no avail. Also, Bankofamerica.com has a different message when trying to login: Error establishing an encrypted connection to sitekey.bankofamerica.com Error Code -8048 I am able to use these sites on my XP Laptop that has not had the Security Update mentioned above installed.
(In reply to comment #13) > Also, Bankofamerica.com has a different message when trying to login: > Error establishing an encrypted connection to sitekey.bankofamerica.com Error > Code -8048 Does this error go away when you turn off OCSP?
According to Nelson in comment 4, and I agree, being unable to contact a ocsp responder, mentioned on a public site, but protected behind a firewall, is not a bug in Mozilla. I'm closing this as invalid. James, in comment 5 you propose there should be a way to continue after an ocsp verification failure. This is bug 151271.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.