Closed Bug 407810 Opened 17 years ago Closed 17 years ago

Unable to override block of revoked certificate

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 401575

People

(Reporter: ryan, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110904 Firefox/3.0b1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110904 Firefox/3.0b1

It appears Firefox 3 will be the first browser ever to check against certificate revocation lists, as I just came across a site that appears to have a revoked certificate, but FF3b1 is the first browser I've encountered that has even warned about it, let along block it.

Reproducible: Always

Steps to Reproduce:
1. Go to https://www.atacom.com/
2. Watch as you are blocked
3. Note no way to acknowledge and override
Actual Results:  
An error occurred during a connection to www.atacom.com.
Peer's Certificate has been revoked.
(Error code: sec_error_revoked_certificate)
      

Expected Results:  
Nice, strong words about how there's probably a valid reason why the certificate is revoked.  Give the user the option of acknowledging and ignoring the problem, with a procedure similar to when a certificate signed by an unknown CA is encountered.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
The work around is to disable OCSP validation, under the validation button
(also on Tools->Options->Advanced->Encryption). But that's hardly
user-friendly.

Note: the CRL URL is http://SVRSecure-crl.verisign.com/SVRSecure2005.crl and
uses OCSP http://ocsp.verisign.com

Kevin: I don't see why this is a duplicate of bug 401575, since you do not get the opportunity to add an exception...
Jo: Thanks.  I went digging around about:config for "revocation", "crl", etc, but didn't find anything.  It didn't occur to me to look in Options :)
(In reply to comment #2)
> The work around is to disable OCSP validation, under the validation button
> (also on Tools->Options->Advanced->Encryption). But that's hardly
> user-friendly.
> 
> Note: the CRL URL is http://SVRSecure-crl.verisign.com/SVRSecure2005.crl and
> uses OCSP http://ocsp.verisign.com
> 
> Kevin: I don't see why this is a duplicate of bug 401575, since you do not get
> the opportunity to add an exception...

Aren't certificates usually revoked for a good reason? So I don't quite see why there should be a user-friendly way to get around this error...
You need to log in before you can comment on or make changes to this bug.