![]() ![]() : D/certverifier OCSPCache::Put(172b396f0, "firstPartyDomain:, partitionKey: ") added to cache : D/certverifier OCSPCache::Get(172b396f0,"firstPartyDomain:, partitionKey: ") not in cache : D/certverifier OCSPCache::Get(172b38ea0,"firstPartyDomain:, partitionKey: ") not in cache firefox-bin -MOZ_LOG="certverifier:5,pipnss:4" : E/pipnss Lower layer connect error: -5934 In a new profile, there's also some errors and stuff I don't quite understand, but it works anyways: newly created profile, using. : D/certverifier NSSCertDBTrustDomain: certificate is in blocklist : E/pipnss Lower layer connect error: -5934 : D/pipnss nsSSLIOLayerSetOptions: using TLS version range (0x0301,0x0304) : D/certverifier OCSPCache::Get(171bac650,"firstPartyDomain:, partitionKey: ") not in cache : D/certverifier NSSCertDBTrustDomain: CheckSignatureDigestAlgorithm : D/pipnss SSLServerCertVerificationJob::Run ![]() : D/pipnss starting AuthCertificateHookInternal ![]() : D/pipnss nsNSSSocketInfo::SetHandshakeCompleted : D/pipnss HandshakeCallback KEEPING existing cert : D/pipnss HandshakeCallback: succeeded using TLS version range (0x0301,0x0304) : D/pipnss nsNSSSocketInfo::NoteTimeUntilReady : D/pipnss SSLServerCertVerificationResult::Run setting NEW cert : D/certverifier OCSPCache::Get(171bad6f0,"firstPartyDomain:, partitionKey: ") not in cache : D/certverifier NSSCertDBTrustDomain: no stapled OCSP response : D/certverifier NSSCertDBTrustDomain::CheckCRLite: CRLite check returned state=2 : D/certverifier NSSCertDBTrustDomain::CheckRevocation: checking CRLite : D/certverifier NSSCertDBTrustDomain: no cached OCSP response : D/certverifier OCSPCache::Get(171bacea0,"firstPartyDomain:, partitionKey: ") not in cache : D/certverifier NSSCertDBTrustDomain: Top of CheckRevocation : D/certverifier NSSCertDBTrustDomain: IsChainValid firefox-bin -MOZ_LOG="certverifier:5,pipnss:4" : D/certverifier NSSCertDBTrustDomain: CheckSignatureDigestAlgorithm Poking around more, it seems like when using my old profile, and any combination of OCSP settings, it at some point finds that the certificate is in a blocklist: old profile, using. I then got curious and found that it also works if I create a new profile in Firefox. Unfortunately it's an Intranet site so you can't verify this yourself, but it has a valid certificate from "issuer: C=BM O=QuoVadis Limited CN=QuoVadis Global SSL ICA G3" and it works fine in everything else on my Mac (21.3.0 Darwin Kernel Version 21.3.0: Wed Jan 5 21:37: root:xnu-8019.80.24~20/RELEASE_ARM64_T6000 arm64): Safari, Chrome, curl, you name it - no issues. Out of the blue (presumably with the last update to 99.0.1), a website I use a lot doesn't open anymore but shows An error occurred during a connection to $fqdn.Įrror code: SEC_ERROR_REVOKED_CERTIFICATE ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |