The test client class in Mozilla's NSS has been helpfull for me as well: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_2_1_RTM/src/nss-3.2.1/mozilla/security/nss/cmd/tstclnt/tstclnt.c
I had used tstclnt when on-boarding a CA into the mozilla program in the past. Thanks, ~Gordon On Mon, Jun 29, 2015 at 9:51 AM, David Keeler <[email protected]> wrote: > Please file a new bug here: > > https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM > > To debug the issue, it would be helpful to have packet captures of the > failing TLS handshakes and any related OCSP requests. This can be done > with tcpdump or wireshark - let me know if you want more details on > that. At the very least, knowing what domains are failing would be useful. > > Thanks! > > On 06/28/2015 07:08 AM, David E. Ross wrote: > > I am getting a number of failures to reach Web sites. The error message > > says: > > > > An error occurred during a connection to [some domain]. > > Invalid OCSP signing certificate in OCSP response. > > (Error code: sec_error_ocsp_invalid_signing_cert) > > > > > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
