Re: SEC_ERROR_EXTENSION_NOT_FOUND

2009-10-13 Thread Nelson Bolyard
star_ni...@my-deja.com wrote: > We are getting this error from a library. What library function? PR_Write? What NSS library version? How did you get this copy of NSS? As binaries directly from Mozilla? As binaries from a Linux distribution? (which one?) As sources? (where from? Have you

Re: How to "log out" of SDR?

2009-10-13 Thread Nelson Bolyard
Neil wrote: > This is probably PSM again, Yes. > but I hope someone here can answer it, or point me somewhere. > We have both a menuitem and a dialog that logs you out of the SDR, so > that you need to reenter your Master Password to gain access to your > stored certificates and other encrypted

Re: Making OCSP soft fail smarter

2009-10-13 Thread Eddy Nigg
On 10/13/2009 11:37 PM, Robert Relyea: On 10/13/2009 06:54 AM, Gervase Markham wrote: Firefox uses OCSP but, by default, any response other than a definite "is revoked" response is treated as "is not revoked". There is a user pref that allows the user to change that, so that any response oth

Re: Making OCSP soft fail smarter

2009-10-13 Thread Robert Relyea
On 10/13/2009 07:31 AM, Rob Stradling wrote: > Gerv, have you read the current "security.OCSP.require in Firefox" thread on > mozilla.dev.security? > > Daniel Veditz said yesterday... > "An alternate approach I'd like to lobby our front-end guys on would be > to put up a scary red bar when we can

Re: Making OCSP soft fail smarter

2009-10-13 Thread Robert Relyea
On 10/13/2009 06:54 AM, Gervase Markham wrote: > Firefox uses OCSP but, by default, any response other than a definite > "is revoked" response is treated as "is not revoked". There is a user > pref that allows the user to change that, so that any response other > than "is not revoked" is treated as

Re: Making OCSP soft fail smarter

2009-10-13 Thread Eddy Nigg
On 10/13/2009 04:47 PM, Ian G: My view: I would defer any "smarter" things that reduce customer usability until (a) everyone has OCSP really well worked throughout, end-to-end ... and (b) we see some actual evidence that suggests that the risk of an OCSP interference is something worth worryin

Re: Making OCSP soft fail smarter

2009-10-13 Thread Anders Rundgren
IMO putting OCSP or CRLs in public SSL certificates was never a particularly good idea because the only likely case for a revocation is when a CA fails to validate a customer. That has happened but not often enough to motivate the building of new infrastructure. It seems like an easier way to jus

Re: Making OCSP soft fail smarter

2009-10-13 Thread Wes Kussmaul
Not OK: 300 OCSP blocked by AV software, vendor fined $1 for each occurrence Wes Kussmaul Gervase Markham wrote: Firefox uses OCSP but, by default, any response other than a definite "is revoked" response is treated as "is not revoked". There is a user pref that allows the user to change tha

Re: Making OCSP soft fail smarter

2009-10-13 Thread Ian G
On 13/10/2009 15:54, Gervase Markham wrote: Firefox uses OCSP but, by default, any response other than a definite "is revoked" response is treated as "is not revoked". There is a user pref that allows the user to change that, so that any response other than "is not revoked" is treated as "is revo

Re: Making OCSP soft fail smarter

2009-10-13 Thread Gervase Markham
On 13/10/09 15:31, Rob Stradling wrote: Gerv, have you read the current "security.OCSP.require in Firefox" thread on mozilla.dev.security? Er. Yes. This discussion is happening in multiple places at the moment, and I lost track :-) Let's carry on with Dan's thread. Gerv -- dev-tech-crypto ma

Re: SEC_ERROR_EXTENSION_NOT_FOUND

2009-10-13 Thread star_night
On Oct 13, 6:26 am, star_ni...@my-deja.com wrote: > Hello, > > We are getting this error from a library. I have been told the module > is configured to trust all certs. Can someone shed some light on libssl, > libnss stack trace and the error? > > Thanks > SN I apologize I missed the trace

Re: Making OCSP soft fail smarter

2009-10-13 Thread Rob Stradling
Gerv, have you read the current "security.OCSP.require in Firefox" thread on mozilla.dev.security? Daniel Veditz said yesterday... "An alternate approach I'd like to lobby our front-end guys on would be to put up a scary red bar when we can't validate OCSP. Users can still get to their sites so

Re: Making OCSP soft fail smarter

2009-10-13 Thread Eddy Nigg
On 10/13/2009 03:54 PM, Gervase Markham: Firefox uses OCSP but, by default, any response other than a definite "is revoked" response is treated as "is not revoked". There is a user pref that allows the user to change that, so that any response other than "is not revoked" is treated as "is revok

Making OCSP soft fail smarter

2009-10-13 Thread Gervase Markham
Firefox uses OCSP but, by default, any response other than a definite "is revoked" response is treated as "is not revoked". There is a user pref that allows the user to change that, so that any response other than "is not revoked" is treated as "is revoked". IMO, we need to be smarter about th

SEC_ERROR_EXTENSION_NOT_FOUND

2009-10-13 Thread star_night
Hello, We are getting this error from a library. I have been told the module is configured to trust all certs. Can someone shed some light on libssl, libnss stack trace and the error? Thanks SN

How to "log out" of SDR?

2009-10-13 Thread Neil
This is probably PSM again, but I hope someone here can answer it, or point me somewhere. We have both a menuitem and a dialog that logs you out of the SDR, so that you need to reenter your Master Password to gain access to your stored certificates and other encrypted material, such as the log