Bug 702998 - deal with duplicate/extra certs in TLS cert chain
Status: RESOLVED DUPLICATE of bug 683266
Product: glib
Classification: Platform
Component: network
Assigned To: gtkdev
Blocks: 721283
Reported: 2013-06-24 18:16 UTC by Dan Winship
Modified: 2014-01-05 03:37 UTC
Description Dan Winship 2013-06-24 18:16:20 UTC
Earlier today, the https-using gnome.org sites were misconfigured to send a certificate chain consisting of their own certificate twice, followed by the CA cert. Firefox handled this fine, but GTlsConnection did not, because it expected the certs to form an actual chain.

As long as there is *some* valid chain from the first cert to a known CA, it doesn't matter (for security purposes) if there are additional certs presented as well, and since Firefox apparently ignores the extra certs in this case, we should too.
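
Added example, not part of the original report and not GLib's code: a toy model in C that contrasts a strict in-order chain check with path building that treats every certificate after the first as an unordered pool, so duplicates and unrelated certificates are skipped. The `Cert` struct, key ids, function names and sample certificates are constructed for illustration, and signature verification is reduced to comparing key ids.

```c
#include <stdio.h>
#include <string.h>
/* Toy model (assumption): names and key ids stand in for X.509 fields. A real
 * verifier checks signatures, validity dates, constraints and revocation. */
typedef struct { const char *subject, *issuer; int key, signer_key; } Cert;
static int issued_by(const Cert *c, const Cert *p) {
    return strcmp(c->issuer, p->subject) == 0 && c->signer_key == p->key;
}
/* A path ends at a cert issued by a trust anchor (a self-signed anchor
 * satisfies this for itself). */
static int trusted(const Cert *c, const Cert *anchors, int na) {
    for (int a = 0; a < na; a++)
        if (issued_by(c, &anchors[a])) return 1;
    return 0;
}
/* Strict order: sent[i+1] must have issued sent[i]. */
int verify_strict(const Cert *sent, int n, const Cert *anchors, int na) {
    for (int i = 0; i + 1 < n; i++)
        if (!issued_by(&sent[i], &sent[i + 1])) return 0;
    return n > 0 && trusted(&sent[n - 1], anchors, na);
}
/* Path building: sent[0] is the leaf; the rest is an unordered pool of
 * candidate issuers. Greedy, no backtracking. */
int verify_pool(const Cert *sent, int n, const Cert *anchors, int na) {
    const Cert *cur = sent;
    for (int depth = 0; depth < n; depth++) {  /* bound stops issuer loops */
        if (trusted(cur, anchors, na)) return 1;
        const Cert *next = NULL;
        for (int i = 1; i < n && !next; i++)
            if (sent[i].key != cur->key && issued_by(cur, &sent[i]))
                next = &sent[i];
        if (!next) return 0;  /* no issuer on offer: reject */
        cur = next;
    }
    return 0;
}
/* Constructed sample data. */
#define ROOT  {"Example Root CA", "Example Root CA", 1, 1}
#define INTER {"Example Issuing CA", "Example Root CA", 2, 1}
#define LEAF  {"www.example.org", "Example Issuing CA", 3, 2}
#define STRAY {"Unrelated CA", "Unrelated CA", 9, 9}
static const Cert ANCHORS[] = {ROOT};
static const Cert DUPLICATED[] = {LEAF, LEAF, INTER};  /* as in the report */
static const Cert EXTRA[] = {LEAF, STRAY, INTER};
static const Cert FORGED[] = {{"www.example.org", "Example Issuing CA", 4, 9}, INTER};
int main(void) {
    printf("duplicated: strict=%d pool=%d\n",
           verify_strict(DUPLICATED, 3, ANCHORS, 1), verify_pool(DUPLICATED, 3, ANCHORS, 1));
    printf("extra=%d forged=%d\n", verify_pool(EXTRA, 3, ANCHORS, 1), verify_pool(FORGED, 2, ANCHORS, 1));
    return 0;
}
```

The extra certificates never add trust in this model: a path is accepted only if every link from the first certificate to an anchor checks out, which is why the forged leaf is still rejected.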

Comment 1 Michael Catanzaro 2013-12-30 00:37:09 UTC
This is really similar to Bug #683266

Comment 2 Michael Catanzaro 2014-01-05 03:37:31 UTC
*** This bug has been marked as a duplicate of bug 683266 ***