On 2018-01-22 07:12:15 +0900, Mike Hommey wrote: > On Sun, Jan 21, 2018 at 06:33:00PM +0000, Viktor Jägersküpper wrote: > > On Sat, 20 Jan 2018 11:30:56 +0100 Vincent Lefevre <vinc...@vinc17.net> > > wrote: > > > (...) > > > As a temporary and insecure workaround, I can avoid this error by > > > setting security.OCSP.require to false, even though the error was > > > not about OCSP. > > > > Hello Vincent, > > > > this is not a bug in Firefox (ESR). See this thread (works in Firefox > > only with "security.OCSP.require" set to "false" at the moment): > > https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/MMO3HSYghwQ/XLRuxWtJAwAJ > > > > The Google engineers are working on fixing this issue, so that this OCSP > > setting can be set to "true" again. > > And they apparently fixed it now.
This is not fixed yet: I still get an error from Firefox, and also from curl: zira:~> curl --cert-status https://www.google.com curl: (91) No OCSP response received Actually the problem with Firefox 52 ESR is that its logic to give the error message is broken: instead of SEC_ERROR_UNKNOWN_ISSUER, it should have been an OCSP related error. But Firefox Nightly correctly reports a SEC_ERROR_OCSP_SERVER_ERROR error. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
