Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 157536 - Starting 7 December, mozilla-firefox (any version) with OCSP enabled gives error on certain sites.
Summary: Starting 7 December, mozilla-firefox (any version) with OCSP enabled gives er...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Mozilla Gentoo Team
Depends on:
Reported: 2006-12-08 13:24 UTC by Ferris McCormick (RETIRED)
Modified: 2007-01-13 04:34 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Ferris McCormick (RETIRED) gentoo-dev 2006-12-08 13:24:03 UTC
Starting December 7, if firefox has OCSP enabled, it gives an error when trying to log in to eBay or Paypal (or, I think, any Verisign site), thus:

Error trying to validate certificate from ... using OCSP - corrupted or unknown response. Error code -9073.

This is a new problem as of that date, and does not depend on the system or the firefox version:  I see it on amd64/Mon Dec  4 13:55:30 2006 >>> www-client/mozilla-firefox-2.0-r2 and on sparc/Mon Nov 13 18:00:35 2006 >>> www-client/mozilla-firefox- for example.

On December 6, everything was working as expected, so I suspect that either Verisign or eBay has changed something, but I have no way of pursuing that route.

Sorry for the lack of detail; I have reported everything I know at this point.
Comment 1 Jory A. Pratt 2006-12-24 07:48:44 UTC
This should have been fixed in ... If you could test would be appreciated.
Comment 2 Christian Marie (RETIRED) gentoo-dev 2007-01-11 02:53:33 UTC
Please reopen if you get around to testing it, though I think it's upstream regardless.
Comment 3 Ferris McCormick (RETIRED) gentoo-dev 2007-01-11 13:02:49 UTC
Initial tests check as fixed.  I'll play with it for a day or so then let you know for sure, but it looks like Jory's right at this point. 
Comment 4 Ferris McCormick (RETIRED) gentoo-dev 2007-01-12 23:46:27 UTC
I'm now sure Anarchy was correct in saying that this is fixed in mozilla-firefox- --- at least, nothing that was failing with OCSP now fails.  (I have been running with the "Use OCSP to validate only ..." option ever since I saw the test request, and sites like eBay or PayPal no linger give grief.)

So far as I am concerned, you may mark this "CLOSED", but I don't know who else if anyone is testing.