Wireshark-bugs: [Wireshark-bugs] [Bug 11194] https://1.eu.dl.wireshark.org/ certificate issue

Date: Thu, 26 Nov 2015 23:01:03 +0000

changed bug 11194


What Removed Added
Status UNCONFIRMED CONFIRMED
CC   [email protected], [email protected]
Hardware x86 All
Summary https://1.eu.dl.wireshark.org/ download URL wont work https://1.eu.dl.wireshark.org/ certificate issue
Ever confirmed   1
OS Mac OS X 10.10 All

Comment # 1 on bug 11194 from
Problems with the 1.eu.dl.wireshark.org mirror:

(0) SSL chain issues. This is a trust chain:
1.eu.dl.wireshark.org*
COMODO RSA Domain Validation Secure Server CA*
COMODO RSA Certification Authority
AddTrust External CA Root

Only the (*) marked certificates are sent, but Ubuntu 14.04 for example only
has the last root (AddTrust External CA Root) but not the COMODO RSA
Certification Authority. Maybe OS X 10.10 (used by the reporter) is also
affected by the same.

Possible solution: append the intermediate certificate from
http://crt.comodoca.com/COMODORSAAddTrustCA.crt (mentioned in the AIA
extension).


(1) HSTS header is duplicated
$ curl -I https://1.eu.dl.wireshark.org/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Nov 2015 22:43:43 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;
X-Slogan: Be good. You never know who's running Wireshark nearby.
Cache-control: max-age=0, no-cache
X-Slogan: Go deep.
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000

See also the report from
https://www.ssllabs.com/ssltest/analyze.html?d=1.eu.dl.wireshark.org


You are receiving this mail because:
  • You are watching all bug changes.