1) visit an https site with expired cert
2) untrusted dialog pops up, tech details says:
some-server.com uses an invalid security certificate. The certificate expired on 10/17/2013 11:41 AM. The current time is 10/17/2013 11:59 AM. (Error code: sec_error_expired_certificate)
3) click "add exception"
4) popup claims certificate is "valid" and "verified" and refuses to add an exception
Can you post the server name here? I saw it when the server does not have reverse DNS entry (IP to domain translation).
In my case, tech details says:
************ uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for ************ (Error code: sec_error_cert_signature_algorithm_disabled)
then, in about:config, when i set security.enable_md5_signatures;false to true,
(Error code: sec_error_ca_cert_invalid)
finally, when i add an exception, firefox displays:
The connection was reset
Downgrading firefox and xulrunner to version 21 (?), solves the problem.
Ok, here is a workaround that works for me:
Starting Firefox in terminal with NSS_SSL_CBC_RANDOM_IV=0, solves the problem.
Please see here: https://bugzilla.redhat.com/show_bug.cgi?id=890931
Or google -> NSS_SSL_CBC_RANDOM_IV=0
Kay, Any idea about this one? Thanks!
Martyn, I'll look into it.
I believe this is a duplicate of bug 770682.
If you can demonstrate a current site to reproduce this issue, please add a comment with a link to the site, reopen the bug, and I'll look into it right away. Thanks
*** This bug has been marked as a duplicate of bug 770682 ***
(In reply to Kai Engert (:kaie) from comment #7)
> I believe this is a duplicate of bug 770682.
This bug is about firefox, that bug is about a similar problem with SIPE. I'll remove the duplicate assignment.
Stefan, both software used the same underlying NSS crypto library that implements the functionality (certificate validation) that you were using. The quoted environment variable isn't a property of Firefox, it's a property of that library.