Is there any news about it? I can capture an OCSP response if necessary.

Thanks in advance,
Rafa

On 17 mar, 08:44, Nelson Bolyard <nonelsons...@nobolyardspam.me> wrote:
> On 2010-03-16 22:04 PST, Kyle Hamilton wrote:
>
> > Your profile's certificate and trust database appears to be corrupted,
> > and therefore it can't check to see if the OCSP responder's
> > certificate is okay.
>
> > You'll need to quit Firefox, move the current key*.db, cert*.db, and
> > secmod.db files out of the profile directory (to a backup location),
> > and then restart Firefox. After that, you'll need to reinstall the
> > FNMT-RCM root certificate and edit its trust bits appropriately. (If
> > you have added any PKCS11 modules, you will also need to re-add them.)
>
> I don't think his DBs are necessarily corrupted. Remember that
> "sec_error_base_database" actually means either one of two rather benign
> things:
> a) we looked for a record in the DB and didn't find it (maybe it's just not
> there), or
> b) we tried to put a record into the DB, but the DB told us there is already
> a record in the DB with that record's "unique database key", implying that
> this record is a duplicate of one already in the DB, and so
> it did not let us insert the record into the DB (again).
>
> I've been able to reproduce what Rafa reported, and my DB is not corrupted.
> I suspect this is a case where there is a problem with the OCSP response,
> and NSS's ability to provide a meaningful error code for the particular
> problem is deficient in this case.
>
> I wish we had better diagnostic tools. As it is, diagnosis of OCSP problems
> requires an NSS developer to spend hours with a code debugger.
>
> I'll get to the bottom of this error, eventually, if someone doesn't fix it
> (i.e. change the OCSP response) first. But probably not before this weekend.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto