(In reply to Kathleen Wilson from comment #146) > I just tried it again: > http://certificate.revocationcheck.com/www.sede.fnmt.gob.es > returns: Error parsing OCSP response: asn1: structure error: tags don't > match (16 vs {class:0 tag:28 length:72 isCompound:true}) {optional:false > explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 > set:false omitEmpty:false} responseASN1 @2
This problem it's not an OCSP Server problem. As you can see, POST request are resolved correctly. The type GET requests with certain special characters in the base 64 encoding (+, /, ..) with special meaning in URIs must be encoded first with "URL encoding" before sending, according to RFC 2560, and RFC 6960 A.1.1 point point A.1. However, they are not doing, as seen in the logs of our web server. Specifically, the parsing error occurs because when treating the wrong GET request our OCSP Server sends a redirect to a welcome page, which logically cause the OCSP response parsing error. You can see the same behaviour if you check other SSL certificates issued by other root CAs inluded in Mozilla root CA Program. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1271513 Title: www.cert.fnmt.es certificates are not included in Mozilla products To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1271513/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
