add OCSP hard-fail error code

2022-08-24 05:53:46 +00:00 · 2022-08-24 05:53:46 +00:00 · 74be763f60
parent 5780b6d197
commit 74be763f60
1 changed files with 2 additions and 1 deletions
--- a/user.js
+++ b/user.js
@ -470,7 +470,8 @@ user_pref("security.tls.enable_0rtt_data", false);
 * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers...
 * [1] https://en.wikipedia.org/wiki/Ocsp ***/
 user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
-/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB]
+/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
+ * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
 * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
 * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
 * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it