MantisBT - Site | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0002333 | Site | [All Projects] Bug | public | 2015-06-28 07:33 | 2018-12-01 06:44 |
| Reporter | thanatos | ||||
| Assigned To | Blzut3 | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | amd64 | OS | Gentoo Linux | OS Version | |
| Summary | 0002333: zandronum.com doesn't present intermediate certificate, leading to no trust chain | ||||
| Description | Attempting to wget or curl from zandronum results in the following: % wget 'https://zandronum.com/downloads/zandronum2.1-linux-x86_64.tar.bz2' --2015-06-28 00:24:42-- 'https://zandronum.com/downloads/zandronum2.1-linux-x86_64.tar.bz2 [^]' Resolving zandronum.com... 76.74.158.193 Connecting to zandronum.com|76.74.158.193|:443... connected. ERROR: cannot verify zandronum.com's certificate, issued by ‘/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA’: Unable to locally verify the issuer's authority. To connect to zandronum.com insecurely, use `--no-check-certificate'. This is because the leaf certificate for zandronum.com is signed by an intermediate certificate; the webserver needs to be configured to send the intermediate certificate as well as the leaf certificate. You can see this issue on SSLLabs, as well: 'https://www.ssllabs.com/ssltest/analyze.html?d=zandronum.com [^]' > This server's certificate chain is incomplete. > Certificates provided 1 (1862 bytes) > Chain issues Incomplete This can affect Firefox (and I think, Chrome) too. Firefox appears to store intermediate certificates that it happens to run across, so because I happened to see StartCom's intermediate cert from somewhere else on the 'net, zandronum.com works. If, however, I open a brand-new profile, % firefox -new-instance -profile ./some-empty-directory and only browse to zandronum.com, I see: > You have asked Aurora to connect securely to zandronum.com, but we can't confirm that your connection is secure. | ||||
| Steps To Reproduce | wget 'https://zandronum.com/downloads/zandronum2.1-linux-x86_64.tar.bz2' | ||||
| Additional Information | I run Gentoo, so I make ebuild files (Gentoo's equivalent of .deb) for Zandronum. ebuilds download directly from the source, so they need to download from zandronum.com, but can't, due to this error. I highly recommend taking a look at the SSLLabs page: you should stop using SSLv3 too. :-) | ||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2015-06-28 07:33 | thanatos | New Issue | |||
| 2015-07-01 09:04 | Blzut3 | Assigned To | => Blzut3 | ||
| 2015-07-01 09:04 | Blzut3 | Status | new => assigned | ||
| 2015-07-01 09:04 | Blzut3 | Note Added: 0012826 | |||
| 2015-07-01 09:04 | Blzut3 | Status | assigned => feedback | ||
| 2015-07-01 23:51 | thanatos | Note Added: 0012827 | |||
| 2015-07-01 23:51 | thanatos | Status | feedback => assigned | ||
| 2015-07-01 23:54 | Blzut3 | Status | assigned => resolved | ||
| 2015-07-01 23:54 | Blzut3 | Resolution | open => fixed | ||
| 2018-12-01 06:44 | Blzut3 | Status | resolved => closed | ||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||