Roman Mamedov posted on Mon, 28 Dec 2015 14:29:43 +0500 as excerpted: > On Mon, 28 Dec 2015 09:20:09 +0000 (UTC) > Duncan <1i5t5.dun...@cox.net> wrote: > >> Firefox is currently giving me OCSP errors for the wiki. Links has no >> problem, presumably because it doesn't validate the cert or ignores >> OCSP timeouts, but lynx is throwing errors as well, so it's not just >> firefox. > > Do you get the same problem with https://www.kernel.org/ ?
That one works fine. > Or any other wiki listed at https://wiki.kernel.org/ ? That one doesn't. Same sec_error_ocsp_bad_signature error. > Can you download http://crl.startssl.com/crt2-crl.crl at your machine? That works fine. But according to wikipedia (where https is working fine, BTW), OCSP was created as an alternative to CRLs. https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol Based on the sequence outlined there and the error firefox is returning, seems the OCSP responder is returning responses that don't verify against its public key. So assuming no MitM attack, it'd be the OCSP responder that's badly configured, not (directly) wiki.kernel.org or its cert. > In general this seems to be a kernel.org webmasters concern, not for > Btrfs developers to do anything about. Agreed. But bugzilla.kernel.org is failing with the same error, so I can't report the bug there... or even look to see if anyone else has in the hour or two since I started seeing issues. And this is the only vger list I follow, so... -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
