Bug#769381: iceweasel does not report for self-signed certificate (MITM to youtube.com)

Stanislav Vlasov stanislav.v.v at gmail.com
Thu Nov 13 12:04:53 UTC 2014


2014-11-13 15:05 GMT+05:00 Mike Hommey <mh at glandium.org>:
>> Package: iceweasel
>> Version: 31.2.0esr-2~deb7u1
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> My internet provider adds URL filtering for https by using self-signed
>> certificates.
>> Google Chrome (from Google) and Chromium (from Debian) see it and fail.
>> Iceweasel does nothing, as if the cert is valid.
>>
>> I executed openssl s_client -connect www.youtube.com:443 via the filter and
>> directly, and attach the output
>
> What does it say on
> https://www.pcwebshop.co.uk/ ? If it shows the untrusted screen, what
> does it say under technical details ?

Expired cert and "Parallels Panel" as CN.

> What happens if you run iceweasel with a fresh profile and in safe mode?
> (iceweasel -P -safe-mode)

This was tried before the bug report; nothing changed. www.youtube.com opened
fine in iceweasel, while chromium failed with a cert error.

New information:
I forgot to save the cert before the bug report and took it while I was writing it.
Now I see that the provider changed the cert, nothing failed in any browser,
and the new cert was attached to the bug report.

I got https://pki.google.com/GIAG2.crt and ran:

$ openssl x509 -inform DER -outform PEM -in GIAG2.crt -out GIAG2.pem
$ openssl verify -verbose -CAfile GIAG2.pem cert_filter
cert_filter: OK
$ openssl verify -verbose -CAfile GIAG2.pem cert_direct
cert_direct: OK

The provider beat me and other clients. So, I can't repeat the bug now.
Sorry.

-- 
Stanislav


