sorry, not the freshest version of NSS, old version in fact. Latest can be obtained here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
This sample client application does TLS from the context of the NSS libraries, you could possibly debug the OCSP response with this code. ~Gordon On Mon, Jun 29, 2015 at 9:56 AM, Gordon Young <[email protected]> wrote: > The test client class in Mozilla's NSS has been helpfull for me as well: > > http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_2_1_RTM/src/nss-3.2.1/mozilla/security/nss/cmd/tstclnt/tstclnt.c > > I had used tstclnt when on-boarding a CA into the mozilla program in the > past. > > > Thanks, > ~Gordon > > > On Mon, Jun 29, 2015 at 9:51 AM, David Keeler <[email protected]> wrote: > >> Please file a new bug here: >> >> https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM >> >> To debug the issue, it would be helpful to have packet captures of the >> failing TLS handshakes and any related OCSP requests. This can be done >> with tcpdump or wireshark - let me know if you want more details on >> that. At the very least, knowing what domains are failing would be useful. >> >> Thanks! >> >> On 06/28/2015 07:08 AM, David E. Ross wrote: >> > I am getting a number of failures to reach Web sites. The error message >> > says: >> > >> > An error occurred during a connection to [some domain]. >> > Invalid OCSP signing certificate in OCSP response. >> > (Error code: sec_error_ocsp_invalid_signing_cert) >> > >> > >> >> >> _______________________________________________ >> dev-security-policy mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-security-policy >> >> > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
