From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: OCSP error in icecat Date: Sun, 11 May 2014 13:32:38 +0200 Message-ID: <87k39ssg89.fsf@gnu.org> References: <20140409133907.GA19595@debian> <878ure2qmz.fsf@gnu.org> <20140511102025.GA2273@debian> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54093) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WjRzr-00081Q-Eu for guix-devel@gnu.org; Sun, 11 May 2014 07:32:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WjRzj-00014L-Sx for guix-devel@gnu.org; Sun, 11 May 2014 07:32:47 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:43738) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WjRzj-00014G-M9 for guix-devel@gnu.org; Sun, 11 May 2014 07:32:39 -0400 In-Reply-To: <20140511102025.GA2273@debian> (Andreas Enge's message of "Sun, 11 May 2014 12:20:25 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Andreas Enge Cc: guix-devel@gnu.org Andreas Enge skribis: > On Wed, Apr 09, 2014 at 10:29:24PM +0200, Ludovic Court=C3=A8s wrote: >> Perhaps it=E2=80=99d be best to bring it on bug-gnuzilla@gnu.org? > > I started writing a bug report, but decided against sending it; I think t= he > problem is with the web server (the certificate of which has expired, by = the > way). > >> Andreas Enge skribis: >> > The following site explains how to turn off OCSP verification: >> > http://www.ghacks.net/2013/10/02/fix-ocsp-server-refused-request-un= authorized-firefox/ > > Well, "turn off" was too strongly worded here: When one unchecks > Edit -> Preferences -> Advanced -> Certificates -> Validation > -> "When an OCSP server connection fails, treat the certificate as inva= lid", > then the checks still work if the server replies. I think this is a reaso= nable > solution, but each user has to apply it individually. So in the end, is there a real problem, or did it just have to do with a specific web server? Ludo=E2=80=99.