You are viewing information archived from Mozilla.org on 2014-10-02.
最近,用ff访问https站点,频繁报错,提示“secerrorocspoldresponse”,甚至ff的插件都没法下载。 原因是,负责证书认证的ocsp.digicert.com被墙了,使ff无法在线验证证书安全性。 解决方法: sudo vim /etc/hosts # 新增 117.18.237.29 ocsp.digicert.com. Explore Our Help Articles. Dig into the knowledge base, tips and tricks, troubleshooting, and so much more. Firefox Browser; Firefox Private Network.
Home | Trees | Indices | Help |
---|
|
Certificate(data, certdb=get_default_certdb(), perm=False, nickname=None)
An X509 Certificate object.
The Certificate is initialized from the supplied DER data. TheCertificate is added to the NSS temporary database. If perm is Truethen the Certificate is also permanently written into certdb.
| |||
| |||
a new object with type S, a subtype of T |
| ||
| |||
| |||
| |||
| |||
kea_type |
| ||
string) |
| ||
[(level, string),..] |
| ||
(Certificate, ..) |
| ||
CertificateExtension |
| ||
bool |
| ||
boolean |
| ||
string |
| ||
| |||
bool |
| ||
| |||
| |||
Inherited from object : __delattr__ , __format__ , __getattribute__ , __hash__ , __reduce__ , __reduce_ex__ , __setattr__ , __sizeof__ , __subclasshook__ |
Error Code: Sec_error_ocsp_old_response
| |||
cert_type integer bitmask of NS_CERT_TYPE_* flags, see nss.cert_type_flags() | |||
der_data raw certificate DER data as data buffer | |||
email_trust_str certificate email trust flags as array of strings, or None if trust is not defined | |||
extensions certificate extensions as a tuple of CertificateExtension objects | |||
issuer certificate issuer as a DN object | |||
serial_number certificate serial number | |||
signature_algorithm certificate signature algorithm | |||
signed_data certificate signature as SignedData object | |||
signing_trust_str certificate object signing trust flags as array of strings, or None if trust is not defined | |||
ssl_trust_str certificate SSL trust flags as array of strings, or None if trust is not defined | |||
subject certificate subject as a DN object | |||
subject_common_name certificate subject | |||
subject_public_key_info certificate public info as SubjectPublicKeyInfo object | |||
valid_not_after certificate not valid after this time (floating point value expressed as microseconds since the epoch, midnight January 1st 1970, UTC) | |||
valid_not_after_str certificate not valid after this time (string value expressed, UTC) | |||
valid_not_before certificate not valid before this time (floating point value expressed as microseconds since the epoch, midnight January 1st 1970 UTC) | |||
valid_not_before_str certificate not valid before this time (string value expressed, UTC) | |||
version certificate version | |||
Inherited from object : __class__ |
- 火狐解决 OCSP.比如这样:连接 addons.mozilla.org 时发生错误。 OCSP 回应包含过期信息。 (错误码: secerrorocspoldresponse)hosts文件添加 117.18.
- Re: How do I bypass 'SECERROROCSPOLDRESPONSE'? Post by Moonchild » Tue Mar 12, 2019 6:21 pm I'm sorry but practical considerations to (temporarily) bypass standards due to issues with mainstream server software are not in any way a level of freedom you, as a user, can or should demand.
|
|
|
|
|
check_ocsp_status(certdb, time, [user_data1, ..]) -> boolean Checks the status of a certificate via OCSP. Will only check status fora certificate that has an AIA (Authority Information Access) extensionfor OCSP or when a 'default responder' is specified and enabled.(If no AIA extension for OCSP and no default responder in place, thecert is considered to have a good status. Returns True if an approved OCSP responder knows the certand returns a non-revoked status for it. Otherwise a error.NSPRErroris raised and it's error_code property may be one of the following:
Other errors are possible failures in cert verification(e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) whenverifying the signer's cert, or other low-level problems.
|
check_valid_times(time=now, allow_override=False) --> validity Checks whether a specified time is within a certificate's validityperiod. Returns one of:
|
Returns key exchange type of the keys in an SSL server certificate.
|
|
Formats the object into a sequence of lines with indent levelinformation. The return value is a list where each list item is atuple. The first item in the tuple is an integerrepresenting the indentation level for that line. Any remaining itemsin the tuple are strings to be output on that line. The output of this function can be formatted into a single string bycalling indented_format(), e.g.: print indented_format(obj.format_lines()) The reason this function returns a tuple as opposed to an singleindented string is to support other text formatting systems such asGUI's with indentation controls. See indented_format() for acomplete explanation.
|
|
Given an oid identifying the extension try to locate it in thecertificate and return it as generic CertificateExtension object. Ifthe extension is not present raise a KeyError. The generic CertificateExtension object is not terribly useful onit's own, howerver it's value property can be used to intializeinstances of a class representing the extension. Or it may be passedto functions that convert the value into some other usable format.Although one might believe this function should do these conversionsfor you automatically there are too many possible variations. Plus onemight simple be interested to know if an extension is present ornot. So why perform conversion work that might not be needed or mightnot be in the format needed? Therefore this function is just onesimple element in a larger toolbox. Below are some suggestions on howto convert the generic CertificateExtension object (this list maynot be complete).
|
|
is_ca_cert(True) -> boolean, cert_type Returns True if the cert is a CA cert, False otherwise. The function optionally can return a bitmask of NS_CERT_TYPE_*flags if return_cert_type is True. This is the updated cert typeafter applying logic in the context of deciding if the cert is aCA cert or not. Hint: the cert_type value can be converted to textwith nss.cert_type_flags(). Hint: the unmodified cert type flagscan be obtained with the Certificate.cert_type property.
|
Returns a nickname for the certificate guaranteed to be uniquewithin the the current NSS database. The nickname is composed thusly:
|
verify(certdb, check_sig, required_usages, time, [user_data1, ..]) -> valid_usages Verify a certificate by checking if it's valid and that wetrust the issuer.
Returns valid_usages, a bitfield of certificate usages. If required_usages is non-zero, the returned bitmap is only for thoserequired usages, otherwise it is for all possible usages. Hint: You can obtain a printable representation of the usage flagsvia cert_usage_flags. Note: Anytime a NSPR or NSS function returns an error in python-nss itraises a NSPRError exception. When an exception is raised the normalreturn values are discarded because the flow of control continues atthe first except block prepared to catch the exception. Normally thisis what is desired because the return values would be invalid due tothe error. However the certificate verification functions are anexception (no pun intended). An error might be returned indicating thecert failed verification but you may still need access to the returnedusage bitmask and the log (if using the log variant). To handle this aspecial error exception CertVerifyError (derived from NSPRError)is defined which in addition to the normal NSPRError fields will alsocontain the returned usages and optionally the CertVerifyLogobject. If no exception is raised these are returned as normal returnvalues.
|
A restricted regular expression syntax is used to test if the commonname specified in the subject DN of the certificate is a match,returning True if so, False otherwise.
|
verify_now(certdb, check_sig, required_usages, [user_data1, ..]) -> valid_usages Verify a certificate by checking if it's valid and that wetrust the issuer.
Returns valid_usages, a bitfield of certificate usages. Ifrequired_usages is non-zero, the returned bitmap is only for thoserequired usages, otherwise it is for all possible usages. Hint: You can obtain a printable representation of the usage flagsvia cert_usage_flags. Note: See the Certificate.verify documentation for details on howthe Certificate verification functions handle errors.
|
Error Code Sec Error Ocsp Old Response
verify_with_log(certdb, check_sig, required_usages, time, [user_data1, ..]) -> valid_usages, log Verify a certificate by checking if it's valid and that wetrust the issuer.
Returns valid_usages, a bitfield of certificate usages and a nss.CertVerifyLogobject with diagnostic information detailing the reasons for a validation failure. If required_usages is non-zero, the returned bitmap is only for thoserequired usages, otherwise it is for all possible usages. Hint: You can obtain a printable representation of the usage flagsvia cert_usage_flags. Note: See the Certificate.verify documentation for details on howthe Certificate verification functions handle errors.
|
Sec_error_ocsp_old_response Firefox
Home | Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 on Mon May 13 10:58:13 2013 | http://epydoc.sourceforge.net |
- česky | deutsch | english
Ocsp Error On Server Certificate
You are on the Internet with Firefox. So far, this was actually not a bad decision. However, when connecting to cacert.org an error now occurs. The OCSP response contains outdated information.
Error code: SEC_ERROR_OCSP_OLD_RESPONSE
This surprises you, because you have previously expressed your trust in the CAcert (CA Cert Signing Authority) root certificate. Today, however, you are still not getting access. This has to do with an update from Firefox, which changes a default setting.
The solution: Go to Settings -> Privacy and Security -> Certificates (at the bottom of the page): The option “Confirm current validity of certificates by request to OCSP server” must be deactivated (see picture: there must not be a tick at the red marked position), then it works again.
The ARK: Survival Evolved Season Pass gives you access to three huge expansion packs - Scorched Earth (available now), Aberration (available now), and Extinction (available now)! The 'ARK: Survival Evolved Season Pass' gives you access to three huge expansion packs - 'Scorched Earth' and 'Aberration' (available now) and one future expansion (coming in 2018). Each expansion will unlock in your account when released and offer 300+ hours of content each including new dinosaurs, custom maps and unique mechanics. Buy ARK: Survival Evolved Season Pass. Includes 3 items: ARK: Scorched Earth - Expansion Pack, ARK: Aberration - Expansion Pack. Owners of ARK's 'Season Pass' also get additional exclusive in-game Aberration-themed cosmetic item skins. Mac OS X SteamOS + Linux Minimum: OS: Windows 7/8.1/10. First season pass is Scorched Earth, Aberration and Extinction. Second season pass is Gen 1 and Gen 2 (out next march atm). DLC's are essentially maps. The ones in the passes are paid dlcs and follow the story canon of the game. Title: ARK: Survival Evolved Season Pass Genre: Action, Adventure, Indie, Massively Multiplayer, RPG Developer: Studio Wildcard, Instinct Games, Efecto Studios.
(Dear Mozilla developers, this would not have been absolutely necessary!)
NOTE: The corresponding setting has to be changed at the following browsers:
- Seamonkey: Edit - Preferences - Privacy and Security - Certificates
- Basilisk : Preferences - Advanced
- Palemoon : Tools - Preferences - Advanced
- CategoryFAQ