Hi Jugal, For issues with mozilla::pkix, the following might be helpful: https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes If that doesn't resolve the issue, please file a bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security:%20PSM&short_desc=%28mozilla::pkix%29 It would be helpful if you could include either a link to a publicly-accessible site that exhibits the problem or post a copy of the certificate chain that is problematic. The error code (something like "sec_error_...") would also be helpful.
Thanks, David On 07/24/2014 09:26 PM, jugal.sa...@gmail.com wrote: > Team > > After upgrade to Firefox 31, I am not able to request any https link through > my firewall and getting certificate failure. I tried re-import of firewall > certificate but in vein. > > Please suggest. > > > On Tuesday, 8 April 2014 04:03:50 UTC+5:30, Kathleen Wilson wrote: >> All, >> >> >> >> We have been working on a new certificate verification library for >> >> Gecko, and would greatly appreciate it if you will test this new library >> >> and review the new code. >> >> >> >> Background >> >> >> >> NSS currently has two code paths for doing certificate verification. >> >> "Classic" verification has been used for verification of non-EV >> >> certificates, and libPKIX has been used for verification of EV >> >> certificates. >> >> >> >> As many of you are aware, the NSS team has wanted to replace the >> >> "classic" verification with libPKIX for a long time. However, the >> >> current libPKIX code was auto-translated from Java to C, and has proven >> >> to be very difficult to maintain and use. Therefore, Mozilla has created >> >> a new certificate verification library called mozilla::pkix. >> >> >> >> Request for Testing >> >> >> >> Replacing the certificate verification library can only be done after >> >> gaining sufficient confidence in the new code by having as many people >> >> and organizations test it as possible. >> >> >> >> We ask that all of you help us test this new library as described here: >> >> https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Testing >> >> >> >> Testing Window: The mozilla::pkix certificate verification library is >> >> available for testing now in Nightly Firefox builds. We ask that you >> >> test as soon as possible, and that you complete your testing before >> >> Firefox 31 exits the Aurora branch in June. >> >> (See https://wiki.mozilla.org/RapidRelease/Calendar) >> >> >> >> Request for Code Review >> >> >> >> The more people who code review the new code, the better. So we ask all >> >> of you C++ programmers out there to review the code and let us know if >> >> you see any potential issues. >> >> https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Request_for_Code_Review >> >> >> >> >> >> We look forward to your help in testing and reviewing this new >> >> certificate verification library. >> >> >> >> Mozilla Security Engineering Team > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
