Closed Bug 462966 Opened 16 years ago Closed 10 years ago

PSM reports OCSP error for site with an expired cert

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1045739

People

(Reporter: nelson, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Whiteboard: [psm-cert-errors]) 

Using SM trunk nightly from 20081006, I visit 
https://www.cyberguard.com/download/white_paper/en_SSL.pdf
and get an error page complaining 

   The OCSP server has refused this request as unauthorized.
   (Error code: sec_error_ocsp_unauthorized_request)

The cert is actually EXPIRED.  The server is correctly telling us that 
it does not answer requests for expired certs.

We should not be attempting an OCSP check on an expired cert.  

But whether we do or not, the error page should tell us that the cert is expired.  That is the most important fact in this case.  

It should also let us look at the cert, even if it does not let us set
a security exception, but maybe present FF UI makes that difficult or 
impossible.
Just to clarify, the central issue of this bug is that it reported an 
OCSP error when it should have reported that the cert was expired.

Other issues, such as whether it should even attempt an OCSP query and
whether it lets us look at the bad cert are secondary.  The key thing
is: when a cert is expired, that's what PSM should tell us about it.
Assignee: kaie → nobody
Blocks: 157555
Whiteboard: [psm-cert-errors]
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.