Red Hat Bugzilla – Bug 501610
Firefox 3.5 beta and issues with CRLs
Last modified: 2009-05-23 16:26:20 EDT
Firefox 3.5 beta does not appear to be able to connect to sites that use EV SSL certificates.
E.g., when attempting to connect to <https://www.chase.com/>:
Secure Connection Failed
An error occurred during a connection to www.chase.com.
New CRL has an invalid format.
(Error code: sec_error_crl_invalid)
This is a severe problem, as many sites now use EV SSL certificates.
After doing some more digging, I found this:
Although neither of the two CRLs I had installed appeared to be invalid as per the description in the above blog post, I refreshed the CRLs, and now I no longer get the "New CRL has an invalid format" error.
The strange thing is, though, I rsync my ~/.mozilla directory between my Fedora 11 Preview box and my Fedora 10 box, so both Firefox 3.0 and Firefox 3.5 beta were using the exact same data, and Firefox 3.0 never issued any invalid CRL errors.
I have a copy of my ~/mozilla directory in the state where Firefox 3.5 beta complains about invalid CRLs. If you want to see the specific CRLs that Firefox was complaining about, please tell me how to extract that data. Otherwise, feel free to close this bug as INVALID.
I wouldn't say invalid, but I cannot reproduce just by going to the Chase website. I would need to set up CRL management somehow.
So, closing this as NOTABUG, but if you think there is something to be resolved, please, describe in detail how to reproduce this bug on our system.
Thank you very much for filing this bug and investigating it further (that is rare).