Copypaste fail, apologies. Correct bug is: https://bugzilla.mozilla.org/show_bug.cgi?id=1579509
On Wednesday, September 11, 2019 at 11:30:57 AM UTC-5, Christopher Kemmerer wrote: > We have been monitoring the discussions on the m.d.s.p. mailing list > and, after the announcements of GlobalSign and Let's Encrypt, found that > our OCSP responder is affected by the same issue. > > In particular, whenever a precertificate is generated, but CT submission > fails, EJBCA will fail to create the corresponding certificate, and thus > reply with the status "Unknown" on OCSP queries. > > We have found out that this affected 52 certificates. None of these > certificates have been generated or delivered to clients. > > Examples: > > https://crt.sh/?id=1720920023&opt=ocsp > https://crt.sh/?id=1677051376&opt=ocsp > > We have opened a bug with PrimeKey to address the EJBCA issue. Until > this is corrected by PrimeKey we have mitigated this issue using an > in-house patch. > > We have also opened a bug in Bugzilla to track the progress of this > issue at: > > https://bugzilla.mozilla.org/show_bug.cgi?id=15795 > > -- > Chris Kemmerer > Manager of Operations > SSL.com > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~ To find the reefs, look~~~~~~~~ > ~~~~ for the wrecks. ~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy