Wireshark-bugs: [Wireshark-bugs] [Bug 11194] https://1.eu.dl.wireshark.org/ certificate issue
Peter Wu
changed
bug 11194
| What |
Removed |
Added |
| Status |
UNCONFIRMED
|
CONFIRMED
|
| CC |
|
gerald@wireshark.org, peter@lekensteyn.nl
|
| Hardware |
x86
|
All
|
| Summary |
https://1.eu.dl.wireshark.org/ download URL wont work
|
https://1.eu.dl.wireshark.org/ certificate issue
|
| Ever confirmed |
|
1
|
| OS |
Mac OS X 10.10
|
All
|
Comment # 1
on bug 11194
from Peter Wu
Problems with the 1.eu.dl.wireshark.org mirror:
(0) SSL chain issues. This is a trust chain:
1.eu.dl.wireshark.org*
COMODO RSA Domain Validation Secure Server CA*
COMODO RSA Certification Authority
AddTrust External CA Root
Only the (*) marked certificates are sent, but Ubuntu 14.04 for example only
has the last root (AddTrust External CA Root) but not the COMODO RSA
Certification Authority. Maybe OS X 10.10 (used by the reporter) is also
affected by the same.
Possible solution: append the intermediate certificate from
http://crt.comodoca.com/COMODORSAAddTrustCA.crt (mentioned in the AIA
extension).
(1) HSTS header is duplicated
$ curl -I https://1.eu.dl.wireshark.org/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Nov 2015 22:43:43 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;
X-Slogan: Be good. You never know who's running Wireshark nearby.
Cache-control: max-age=0, no-cache
X-Slogan: Go deep.
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
See also the report from
https://www.ssllabs.com/ssltest/analyze.html?d=1.eu.dl.wireshark.org
You are receiving this mail because:
- You are watching all bug changes.
