Correct NSS error string for SEC_ERROR_OCSP_RESPONDER_CERT_INVALID

RESOLVED FIXED in 3.11.9

Status

NSS
Tools
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

3.11.7
3.11.9

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

The checkin for bug 255010 added some new error codes and error strings
to NSS 3.11.7 and NSS 3.12.  Among them is this one:

ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID,  	(SEC_ERROR_BASE + 156),
"OCSP Trusted Responder Cert is invalid.")

That string in flawed.  A cert cannot be both trusted and invalid.
I should have caught this in review.  :-/

The error message refers to an ocsp responder that has been locally 
user-configured to handle all OCSP queries.  Such a responder is described
in RFC 2560 as a "locally configured" responder.  NSS also describes it as
a "default responder" (which name is misleading because it suggests that 
the responder is used only when some other responder is not explicitly 
specified, but in fact when an OCSP responder is "locally configured", it 
is used for all OCSP requests).  Some (new) NSS code internally refers to
a locally configured OCSP responder as a "Trusted Responder", and that 
appears to be the origin of this string.

The proposed new string value is:

"Configured OCSP responder's certificate is invalid."

Patch forthcoming.
(Assignee)

Comment 1

11 years ago
Created attachment 286915 [details] [diff] [review]
patch v1
Attachment #286915 - Flags: superreview?(alexei.volkov.bugs)
Attachment #286915 - Flags: review?(kengert)

Comment 2

11 years ago
Comment on attachment 286915 [details] [diff] [review]
patch v1

r=kaie
Attachment #286915 - Flags: review?(kengert) → review+
(Assignee)

Comment 3

11 years ago
Comment on attachment 286915 [details] [diff] [review]
patch v1

seeking second review for branch, for 3.11.8
Attachment #286915 - Flags: review?(julien.pierre.boogz)
(Assignee)

Updated

11 years ago
Priority: -- → P2

Updated

11 years ago
Attachment #286915 - Flags: review?(julien.pierre.boogz) → review+

Updated

11 years ago
Attachment #286915 - Flags: superreview?(alexei.volkov.bugs) → superreview+

Comment 4

11 years ago
Nelson, you might have missed this got all the reviews and is ready for check in.

If you want me to land it, just let me know.
(Assignee)

Comment 5

11 years ago
I'm holding off this checkin (and others) because the 3.11 branch is still 
closed.
(Assignee)

Comment 6

11 years ago
On trunk:
Checking in cmd/lib/SECerrs.h; new: 1.15;      previous: 1.14
On branch:
Checking in cmd/lib/SECerrs.h; new: 1.11.24.4; previous: 1.11.24.3
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Target Milestone: 3.11.8 → 3.11.9
You need to log in before you can comment on or make changes to this bug.