Closed
Bug 518046
Opened 15 years ago
Closed 8 years ago
"OCSP server has no status for the certificate" should be override-able
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: bbayles, Unassigned)
References
(Blocks 1 open bug, )
Details
Jonathan Nightingale and Chris Ilias (SUMO) had this discussion about the "The OCSP server has no status for the certficiate" error message.
Currently, this displays as "Secure Connection Failed." If it displayed as "This Connection Is Untrusted," a user could add an exception to proceed.
>>
johnath: I think everything he said is correct there, but I actually wonder if we should file a bug about this case. Typically we offer the "add an exception" path any time there's an otherwise-acceptable certificate that we just can't verify the trustworthiness of, and the hard stop for technical failures or explicitly revoked certs, where proceeding is impossible
the OCSP server being confused isn't a great thing, but it sounds more like the first category than the second
so I think a bug in Core::Security:PSM saying that this error should be one that users can add exceptions for would be worth filing (though not critical - OCSP servers shouldn't be confused very often.
Updated•15 years ago
|
Keywords: user-doc-needed
Comment 1•14 years ago
|
||
I'm not clear which scenario this refers to. By default, if we can't get a response from the server, we are lenient and proceed anyway. Under which circumstances do you see the "OCSP server has no status" error message?
Assignee: kaie → nobody
Blocks: 157555
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Updated•8 years ago
|
Keywords: user-doc-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•