Closed
Bug 407810
Opened 17 years ago
Closed 17 years ago
Unable to override block of revoked certificate
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
RESOLVED
DUPLICATE
of bug 401575
People
(Reporter: ryan, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110904 Firefox/3.0b1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110904 Firefox/3.0b1 It appears Firefox 3 will be the first browser ever to check against certificate revocation lists, as I just came across a site that appears to have a revoked certificate, but FF3b1 is the first browser I've encountered that has even warned about it, let along block it. Reproducible: Always Steps to Reproduce: 1. Go to https://www.atacom.com/ 2. Watch as you are blocked 3. Note no way to acknowledge and override Actual Results: An error occurred during a connection to www.atacom.com. Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate) Expected Results: Nice, strong words about how there's probably a valid reason why the certificate is revoked. Give the user the option of acknowledging and ignoring the problem, with a procedure similar to when a certificate signed by an unknown CA is encountered.
Updated•17 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Comment 2•17 years ago
|
||
The work around is to disable OCSP validation, under the validation button (also on Tools->Options->Advanced->Encryption). But that's hardly user-friendly. Note: the CRL URL is http://SVRSecure-crl.verisign.com/SVRSecure2005.crl and uses OCSP http://ocsp.verisign.com Kevin: I don't see why this is a duplicate of bug 401575, since you do not get the opportunity to add an exception...
Reporter | ||
Comment 3•17 years ago
|
||
Jo: Thanks. I went digging around about:config for "revocation", "crl", etc, but didn't find anything. It didn't occur to me to look in Options :)
(In reply to comment #2) > The work around is to disable OCSP validation, under the validation button > (also on Tools->Options->Advanced->Encryption). But that's hardly > user-friendly. > > Note: the CRL URL is http://SVRSecure-crl.verisign.com/SVRSecure2005.crl and > uses OCSP http://ocsp.verisign.com > > Kevin: I don't see why this is a duplicate of bug 401575, since you do not get > the opportunity to add an exception... Aren't certificates usually revoked for a good reason? So I don't quite see why there should be a user-friendly way to get around this error...
You need to log in
before you can comment on or make changes to this bug.
Description
•