Dear list, (I am not sure this is the correct newsgroup. If it isn't, please point me in the correct direction.)
I am having troubles with my TLS-enabled lighttpd and any browser that uses NSS (Firefox, SeaMonkey, Chromium). For example, Firefox bails out with "sec_error_bad_signature" on connecting. When I ran Chromium through a debugger, it appeared that pkix_BuildForwardDepthFirstSearch is the function which fails, specifically the test (state- >buildConstants.numHintCerts > 0). The chain provided by the server has two items: the server certificate, and a custom CA (i.e. self-signed) certificate. As a counterexample, Opera does not fail (when the CA certificate is added to its trust list), and neither does OpenSSL's "s_client -verify 100". If anybody wants to help me diagnose this problem, the server is running at https://ondrahosek.dyndns.org/. Thanks a lot in advance, ~~ Ondra Hošek _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security