Closed Bug 518046 Opened 15 years ago Closed 8 years ago

"OCSP server has no status for the certificate" should be override-able

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: bbayles, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

Jonathan Nightingale and Chris Ilias (SUMO) had this discussion about the "The OCSP server has no status for the certficiate" error message.

Currently, this displays as "Secure Connection Failed." If it displayed as "This Connection Is Untrusted," a user could add an exception to proceed.

>>
johnath: I think everything he said is correct there, but I actually wonder if we should file a bug about this case. Typically we offer the "add an exception" path any time there's an otherwise-acceptable certificate that we just can't verify the trustworthiness of, and the hard stop for technical failures or explicitly revoked certs, where proceeding is impossible

the OCSP server being confused isn't a great thing, but it sounds more like the first category than the second

so I think a bug in Core::Security:PSM saying that this error should be one that users can add exceptions for would be worth filing (though not critical - OCSP servers shouldn't be confused very often.
I'm not clear which scenario this refers to.

By default, if we can't get a response from the server, we are lenient and proceed anyway. Under which circumstances do you see the "OCSP server has no status" error message?
Assignee: kaie → nobody
Blocks: 157555
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.