On 2014-04-30 19:08, Rafał Krypa wrote: > On 2014-04-30 17:11, Schaufler, Casey wrote: >> Hmm. I see the same thing from outside the Intel firewall, while access from >> inside Intel works just fine. No, it's not just you. > Are you using the same browsers inside and outside the firewall? I can see > the revocation message in Firefox and MSIE, but Chromium doesn't report it. > > Either way the certificate seems to be revoked by issuer, StartSSL.
I found a dumb way to work around this problem. Mapping crl.startssl.com and ocsp.startssl.com to 127.0.0.1 in /etc/hosts works for me. > I have checked it with openssl command line, using both CRL and OCSP: > > ### Get the wiki.tizen.org server certificate > $ openssl s_client -connect wiki.tizen.org:443 -showcerts </dev/null > 2>/dev/null | grep -m1 BEGIN -A100 | openssl x509 -text >server.pem By the way, it seems odd that s_client doesn't inform that server certificate is revoked. I tried passing "-crl_check -crl_check_all" options, but it didn't cause any certificate error. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
