From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: OCSP error in icecat
Date: Sun, 11 May 2014 13:32:38 +0200
Message-ID: <87k39ssg89.fsf@gnu.org>
References: <20140409133907.GA19595@debian> <878ure2qmz.fsf@gnu.org>
	<20140511102025.GA2273@debian>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54093)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1WjRzr-00081Q-Eu
	for guix-devel@gnu.org; Sun, 11 May 2014 07:32:51 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1WjRzj-00014L-Sx
	for guix-devel@gnu.org; Sun, 11 May 2014 07:32:47 -0400
Received: from hera.aquilenet.fr ([2a01:474::1]:43738)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1WjRzj-00014G-M9
	for guix-devel@gnu.org; Sun, 11 May 2014 07:32:39 -0400
In-Reply-To: <20140511102025.GA2273@debian> (Andreas Enge's message of "Sun,
	11 May 2014 12:20:25 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org

Andreas Enge <andreas@enge.fr> skribis:

> On Wed, Apr 09, 2014 at 10:29:24PM +0200, Ludovic Court=C3=A8s wrote:
>> Perhaps it=E2=80=99d be best to bring it on bug-gnuzilla@gnu.org?
>
> I started writing a bug report, but decided against sending it; I think t=
he
> problem is with the web server (the certificate of which has expired, by =
the
> way).
>
>> Andreas Enge <andreas@enge.fr> skribis:
>> > The following site explains how to turn off OCSP verification:
>> >    http://www.ghacks.net/2013/10/02/fix-ocsp-server-refused-request-un=
authorized-firefox/
>
> Well, "turn off" was too strongly worded here: When one unchecks
>   Edit -> Preferences -> Advanced -> Certificates -> Validation
>   -> "When an OCSP server connection fails, treat the certificate as inva=
lid",
> then the checks still work if the server replies. I think this is a reaso=
nable
> solution, but each user has to apply it individually.

So in the end, is there a real problem, or did it just have to do with a
specific web server?

Ludo=E2=80=99.