Closed Bug 662239 Opened 14 years ago Closed 14 years ago

Implement RFC 5019

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 436414

People

(Reporter: koichi.sugimoto, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C) Build Identifier: firefox-4.0.1 RFC 5019 specifies how to request to OCSP responder by clients. At first, clients MUST use the GET method. But firefox only uses POST method. The corresponding source is: /security/nss/lib/certhigh/ocsp.c Only POST method is supported. Reproducible: Always Steps to Reproduce: 1.Browse SSL web site which server's certificate includes AIA-OCSP uri. 2.Check OCSP request generated by browser. Actual Results: OCSP request is sent via HTTP-POST at every time. Expected Results: At first, clients MUST use the GET method. RFC 5019: http://www.ietf.org/rfc/rfc5019.txt Client behaviour is specified at page 9 (5. Transport Profile).
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.