Closed Bug 495380 Opened 16 years ago Closed 4 years ago

SEC_ERROR_OCSP_SERVER_ERROR is grossly ambiguous

Categories

(Core :: Security: PSM, defect, P5)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: nelson, Assigned: alvolkov.bgs)

Details

(Whiteboard: [nss-nofx])

I received the following critque of NSS's OCSP code in email. > SEC_ERROR_OCSP_SERVER_ERROR is used 5 times in ocsp.c for everything > from an internal OCSP server error to failing create the request session > and any number of different problems writing the request to the remote > server. When something goes bump in the night you have to attach a > debugger to see which bump it is. I think we should seriously attempt to change those 5 uses of that error code so that they report unique error codes for some (if not all) of them.
Agreed, It just happened to me and I didn't have a clue what it meant, googling doesn't help. I am reasoably tech savvy.
After I renewed the SSL certificate for a domain Firefox shows this bug/error on https:// Only solution I could find was to toggle security.ssl.enable_ocsp_stapling to false. Other browsers show it fine, but I am unable to understand the exact reason for the problem in Firefox. I would appreciate a more specific error message!
Severity: normal → N/A
Priority: -- → P5
Whiteboard: [nss-nofx]
Component: Libraries → Security: PSM
Product: NSS → Core
Version: trunk → unspecified

In as much as this applies to Firefox, users will essentially only see this error when a server staples an OCSP response with an OCSPResponseStatus of internalError. Since Firefox has no more information than this, there's not much we can do.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.