Closed SafeCache implementation breaks OCSP validation

  • Closed Issue created by Georg Koppen

    If one configures Firefox to fail hard when an error occurs while validating certificates using OCSP, the SafeCache implementation leads to failures that do not exist without it. Steps to reproduce:

    1. Configure Firefox properly (check "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"; use "Validate all certificates using the following OCSP Server" and take the first one (in my case: https://rca.e-szigno.hu/ocsp); check "When an OCSP connection fails, treat the certificate as invalid").

    2. Restart Firefox and surf to e.g. https://anonymous-proxy-servers.net/forum/. If that does not already break the validation, then open https://ssl.scoogle.org in a second tab, and it always breaks.

    3. Do the same without Torbutton installed and it works fine.

    The problematic code is (for whatever reason, I am currently debugging it as JonDoFox is affected as well):

    if (!this.readCacheKey(channel.cacheKey)) {
      this.setCacheKey(channel, channel.URI.host);
    } else {
      SSC_dump("Existing cache key detected; leaving it unchanged.");
    }

    If you comment out that code, everything works fine in Torbutton again.
