From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: Re: OCSP error in icecat Date: Sun, 11 May 2014 12:20:25 +0200 Message-ID: <20140511102025.GA2273@debian> References: <20140409133907.GA19595@debian> <878ure2qmz.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42716) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WjQrz-0007qE-O4 for guix-devel@gnu.org; Sun, 11 May 2014 06:20:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WjQru-0005IE-PH for guix-devel@gnu.org; Sun, 11 May 2014 06:20:35 -0400 Content-Disposition: inline In-Reply-To: <878ure2qmz.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Ludovic =?iso-8859-15?Q?Court=E8s?= Cc: guix-devel@gnu.org On Wed, Apr 09, 2014 at 10:29:24PM +0200, Ludovic Courtès wrote: > Perhaps it’d be best to bring it on bug-gnuzilla@gnu.org? I started writing a bug report, but decided against sending it; I think the problem is with the web server (the certificate of which has expired, by the way). > Andreas Enge skribis: > > The following site explains how to turn off OCSP verification: > > http://www.ghacks.net/2013/10/02/fix-ocsp-server-refused-request-unauthorized-firefox/ Well, "turn off" was too strongly worded here: When one unchecks Edit -> Preferences -> Advanced -> Certificates -> Validation -> "When an OCSP server connection fails, treat the certificate as invalid", then the checks still work if the server replies. I think this is a reasonable solution, but each user has to apply it individually. Andreas