[Bug 332176] Re: firefox doesn't warn the user if SSL certificates do not include OCSP extension
marco.pallotta
marco.pallotta at gmail.com
Mon Apr 20 21:14:52 UTC 2009
To confirm the bug is simple:
1) go to
https://www.ingdirect.it
and open the certificate details. Into the extensions you can see the CA access info field with the value OCSP: URI: http://ocsp.verisign.com
This site correctly support OCSP (moreover you can also see CRL support even if it is an obsolete approach for certificate revocation)
2) go to
https://www.poste.it
open the certificate details. In the extensions you cannot see any CA access info field nor any CRL support field
If you don't see any warning message from Firefox about this last issue
(I say again that it's a security issue) you can mark this bug
"confirmed"
--
firefox doesn't warn the user if SSL certificates do not include OCSP extension
https://bugs.launchpad.net/bugs/332176
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list