Closed
Bug 401970
Opened 17 years ago
Closed 17 years ago
Correct NSS error string for SEC_ERROR_OCSP_RESPONDER_CERT_INVALID
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.9
People
(Reporter: nelson, Assigned: nelson)
References
Details
Attachments
(1 file)
|
763 bytes,
patch
|
KaiE
:
review+
julien.pierre
:
review+
alvolkov.bgs
:
superreview+
|
Details | Diff | Splinter Review |
The checkin for bug 255010 added some new error codes and error strings
to NSS 3.11.7 and NSS 3.12. Among them is this one:
ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
"OCSP Trusted Responder Cert is invalid.")
That string in flawed. A cert cannot be both trusted and invalid.
I should have caught this in review. :-/
The error message refers to an ocsp responder that has been locally
user-configured to handle all OCSP queries. Such a responder is described
in RFC 2560 as a "locally configured" responder. NSS also describes it as
a "default responder" (which name is misleading because it suggests that
the responder is used only when some other responder is not explicitly
specified, but in fact when an OCSP responder is "locally configured", it
is used for all OCSP requests). Some (new) NSS code internally refers to
a locally configured OCSP responder as a "Trusted Responder", and that
appears to be the origin of this string.
The proposed new string value is:
"Configured OCSP responder's certificate is invalid."
Patch forthcoming.
|
Assignee | |
Comment 1•17 years ago
|
||
Attachment #286915 -
Flags: superreview?(alexei.volkov.bugs)
Attachment #286915 -
Flags: review?(kengert)
|
||
Comment 2•17 years ago
|
||
Comment on attachment 286915 [details] [diff] [review]
patch v1
r=kaie
Attachment #286915 -
Flags: review?(kengert) → review+
|
|
Assignee | |
Comment 3•17 years ago
|
||
Comment on attachment 286915 [details] [diff] [review]
patch v1
seeking second review for branch, for 3.11.8
Attachment #286915 -
Flags: review?(julien.pierre.boogz)
|
|
Assignee | |
Updated•17 years ago
|
Priority: -- → P2
|
||
Updated•17 years ago
|
Attachment #286915 -
Flags: review?(julien.pierre.boogz) → review+
|
||
Updated•17 years ago
|
Attachment #286915 -
Flags: superreview?(alexei.volkov.bugs) → superreview+
|
|
||
Comment 4•17 years ago
|
||
Nelson, you might have missed this got all the reviews and is ready for check in.
If you want me to land it, just let me know.
|
|
Assignee | |
Comment 5•17 years ago
|
||
I'm holding off this checkin (and others) because the 3.11 branch is still
closed.
|
|
Assignee | |
Comment 6•17 years ago
|
||
On trunk:
Checking in cmd/lib/SECerrs.h; new: 1.15; previous: 1.14
On branch:
Checking in cmd/lib/SECerrs.h; new: 1.11.24.4; previous: 1.11.24.3
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Target Milestone: 3.11.8 → 3.11.9
You need to log in
before you can comment on or make changes to this bug.
Description
•