Bug#887798: firefox-esr: impossible to connect to Google domains
Vincent Lefevre
vincent at vinc17.net
Sun Jan 21 22:52:28 UTC 2018
On 2018-01-22 07:12:15 +0900, Mike Hommey wrote:
> On Sun, Jan 21, 2018 at 06:33:00PM +0000, Viktor Jägersküpper wrote:
> > On Sat, 20 Jan 2018 11:30:56 +0100 Vincent Lefevre <vincent at vinc17.net>
> > wrote:
> > > (...)
> > > As a temporary and insecure workaround, I can avoid this error by
> > > setting security.OCSP.require to false, even though the error was
> > > not about OCSP.
> >
> > Hello Vincent,
> >
> > this is not a bug in Firefox (ESR). See this thread (works in Firefox
> > only with "security.OCSP.require" set to "false" at the moment):
> > https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/MMO3HSYghwQ/XLRuxWtJAwAJ
> >
> > The Google engineers are working on fixing this issue, so that this OCSP
> > setting can be set to "true" again.
>
> And they apparently fixed it now.
This is not fixed yet: I still get an error from Firefox, and also
from curl:
zira:~> curl --cert-status https://www.google.com
curl: (91) No OCSP response received
Actually the problem with Firefox 52 ESR is that its logic to give
the error message is broken: instead of SEC_ERROR_UNKNOWN_ISSUER,
it should have been an OCSP related error. But Firefox Nightly
correctly reports a SEC_ERROR_OCSP_SERVER_ERROR error.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the pkg-mozilla-maintainers
mailing list