NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
Really weird, since OCSP is enabled by default in Fx 3.0 and above, and it works just fine. Maybe the Gecko 1.8.1 implementation is buggy...Tom T. wrote:edit: FWIW, the https d/l for dev builds is great, but I had to disable OCSP validation to install it.
It turns out that it actually *will* install, if I OK the error message: "An internal error has been detected. The requested OCSP transaction cannot be completed."Giorgio Maone wrote:Really weird, since OCSP is enabled by default in Fx 3.0 and above, and it works just fine. Maybe the Gecko 1.8.1 implementation is buggy...Tom T. wrote:edit: FWIW, the https d/l for dev builds is great, but I had to disable OCSP validation to install it.
Yes it does, from http://ocsp.godaddy.comTom T. wrote: I had selected "Use OCSP to validate only certificates that specify an OCSP service URL". Does yours?
If you were a government agency mandating its own certificate authority, you'd knowTom T. wrote: For the other choice, "Validate all certificates using this URL and signer", the default is Verisign. OK, I trust them -- but there is no default URL. How would one know what URL to enter?
Nothing.Tom T. wrote: Edit: There showed also a blocked sub-object, *@https://addons.mozilla.org. I allowed it, and also the scripts from AMO as well as NS. No change, but does this have anything to do with it?
Nothing wrong with the Gecko implementation; it's the user who's buggy.Giorgio Maone wrote:Really weird, since OCSP is enabled by default in Fx 3.0 and above, and it works just fine. Maybe the Gecko 1.8.1 implementation is buggy...Tom T. wrote:edit: FWIW, the https d/l for dev builds is great, but I had to disable OCSP validation to install it.
