[Pkg-chromium-maint] Bug#804533: chromium: Stopped sending intermediate certs for client certificates, auth fails

bts-cr 96k9nedd27 at snkmail.com
Mon Nov 9 10:27:47 UTC 2015

Package: chromium
Version: 46.0.2490.71-1
Severity: important

Dear Maintainer,

Client certificate based authentication suddenly stopped working with this release for multiple servers. 
Upon investigation with Wireshark it shows that, when a client certificates is requested by the server, Chromium now only sends the client certificate itself without any intermediate certificates.
Version before also sent the intermediate certificates.
This leads to authentication failure at least against nginx and lighttpd servers. Authentication is working with other browser and older chromium versions.
Based on my understanding of rfc5246 section 7.4.6 and section and 7.4.2 the intermediates must be sent with the certificate.

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  libasound2            1.0.29-1
ii  libatk1.0-0           2.18.0-1
ii  libavcodec-ffmpeg56   7:2.8.1-1
ii  libavformat-ffmpeg56  7:2.8.1-1
ii  libavutil-ffmpeg54    7:2.8.1-1
ii  libc6                 2.19-22
ii  libcairo2             1.14.4-1
ii  libcups2              2.1.0-5
ii  libdbus-1-3           1.10.2-1
ii  libexpat1             2.1.0-7
ii  libfontconfig1        2.11.0-6.3
ii  libfreetype6          2.6-2
ii  libgcc1               1:5.2.1-23
ii  libgdk-pixbuf2.0-0    2.32.1-1
ii  libglib2.0-0          2.46.1-1
ii  libgnome-keyring0     3.12.0-1+b1
ii  libgtk2.0-0           2.24.28-1
ii  libjpeg62-turbo       1:1.4.1-2
ii  libnspr4              2:4.10.9-2
ii  libnspr4-0d           2:4.10.9-2
ii  libnss3               2:3.20-1
ii  libnss3-1d            2:3.20-1
ii  libpango-1.0-0        1.38.1-1
ii  libpangocairo-1.0-0   1.38.1-1
ii  libpci3               1:3.3.1-1
ii  libspeechd2           0.8-7
ii  libsrtp0              1.4.5~20130609~dfsg-1.1
ii  libstdc++6            5.2.1-23
ii  libx11-6              2:1.6.3-1
ii  libxcomposite1        1:0.4.4-1
ii  libxcursor1           1:1.1.14-1+b1
ii  libxdamage1           1:1.1.4-2+b1
ii  libxext6              2:1.3.3-1
ii  libxfixes3            1:5.0.1-2+b2
ii  libxi6                2:1.7.5-1
ii  libxml2               2.9.2+zdfsg1-4
ii  libxrandr2            2:1.5.0-1
ii  libxrender1           1:0.9.9-2
ii  libxslt1.1            1.1.28-2+b2
ii  libxss1               1:1.2.2-1
ii  libxtst6              2:1.2.2-1+b1
ii  x11-utils             7.7+3
ii  xdg-utils             1.1.1-1

chromium recommends no packages.

Versions of packages chromium suggests:
pn  chromium-l10n  <none>

-- no debconf information

More information about the Pkg-chromium-maint mailing list