I wrote (quoting Bill Burns):
>> >> One error I get while attempting to authenticate to an internal site
>> >> with my certificate-on-a-smartcard is this one:
>> >> "Alert: An internal failure has been detected. It not possible to
>> >> complete the requested OCSP operation."
> >
> > That error string has a name, which is "OCSPDeadlock". I think (not
> > sure) it happens when the OCSP request is sent over an https connection
> > and the OCSP server's cert itself specifies an OCSP URL, causing
> > recursive OCSP lookup.

Actually, I now believe it is the certificate of the OCSP responder itself, the one used to verify the signature on the OCSP response, that may have an AIA specifying OCSP, that causes the recursion. The recursion occurs while verifying the OCSP responder's signature cert, not while verifying an https server's cert, IINM.

_______________________________________________
dev-tech-crypto mailing list
[EMAIL PROTECTED]
https://lists.mozilla.org/listinfo/dev-tech-crypto
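
The recursion described in the message above, modelled as an added example (not part of the original message and not NSS code). `Cert`, `check_revocation`, the URL and the certificate names are constructed for illustration; the `ocsp_nocheck` field stands for the id-pkix-ocsp-nocheck extension that a CA can place in a responder certificate so that clients do not look up its status.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    ocsp_url: Optional[str] = None  # AIA id-ad-ocsp location, if present
    ocsp_nocheck: bool = False      # id-pkix-ocsp-nocheck extension present


class OCSPRecursion(Exception):
    """Verifying a responder cert needs a lookup that is already in progress."""


def check_revocation(cert, responders, in_progress=()):
    """Return the (subject, url) OCSP lookups needed to validate `cert`.

    `responders` maps an OCSP URL to the Cert that signs its responses.
    """
    if cert.ocsp_url is None:
        return []
    if cert.ocsp_url in in_progress:
        raise OCSPRecursion(" -> ".join(in_progress + (cert.ocsp_url,)))
    signer = responders[cert.ocsp_url]
    lookups = [(cert.subject, cert.ocsp_url)]
    # The response is trusted only after its signer's certificate is verified,
    # and that verification may itself call for a revocation check.
    if not signer.ocsp_nocheck:
        lookups += check_revocation(
            signer, responders, in_progress + (cert.ocsp_url,))
    return lookups


# Constructed sample data: one responder, three possible signer certificates.
URL = "http://ocsp.example.test"
USER = Cert("smartcard user", ocsp_url=URL)
SIGNER_NO_AIA = Cert("responder signer")
SIGNER_WITH_AIA = Cert("responder signer", ocsp_url=URL)
SIGNER_NOCHECK = Cert("responder signer", ocsp_url=URL, ocsp_nocheck=True)

if __name__ == "__main__":
    for signer in (SIGNER_NO_AIA, SIGNER_NOCHECK, SIGNER_WITH_AIA):
        try:
            print("ok:", check_revocation(USER, {URL: signer}))
        except OCSPRecursion as exc:
            print("recursion:", exc)
```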