← Back to team overview

enterprise-support team mailing list archive

  1. enterprise-support team
  2. Mailing list archive
  3. Message #07035

[Bug 1744184] [NEW] squid 3.3.8 serves duplicate certificates

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hi,

It seems squid 3.3.8 packaged in Trusty has a bug that serves the
certificate twice. This is shown below:

OpenSSL:

| [hloeung@dharkan tmp]$ echo "" | openssl s_client -connect assets.ubuntu.com:443 -CApath /etc/ssl -servername assets.ubuntu.com
| CONNECTED(00000003)
| depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
| verify return:1
| depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
| verify return:1
| depth=0 C = GB, L = London, O = Canonical Group Ltd, OU = IS, CN = assets.ubuntu.com
| verify return:1
| ---
| Certificate chain
|  0 s:/C=GB/L=London/O=Canonical Group Ltd/OU=IS/CN=assets.ubuntu.com
|    i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
|  1 s:/C=GB/L=London/O=Canonical Group Ltd/OU=IS/CN=assets.ubuntu.com
|    i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
|  2 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
|    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
| ---

GnuTLS:

| [hloeung@dharkan tmp]$ gnutls-cli  --x509cafile /etc/ssl/certs/ca-certificates.crt assets.ubuntu.com
| ...
| - Certificate[0] info:
|  - subject `CN=assets.ubuntu.com,OU=IS,O=Canonical Group Ltd,L=London,C=GB', issuer `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', serial 0x027cadfb20a3e4c9b6371b023b0e8e35, ...
| - Certificate[1] info:
|  - subject `CN=assets.ubuntu.com,OU=IS,O=Canonical Group Ltd,L=London,C=GB', issuer `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', serial 0x027cadfb20a3e4c9b6371b023b0e8e35, ...

This is fixed in upstream squid 3.3.9 per changelog[1] below:

Changes to squid-3.3.9 (11 Sep 2013):
	- Bug 3849: Duplicate certificate sent when using https_port

Any chance we could get this fix backported?


Thanks,

Haw


[1]http://www.squid-cache.org/Versions/v3/3.3/ChangeLog.txt

** Affects: squid3 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid3 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1744184

Title:
  squid 3.3.8 serves duplicate certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1744184/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next