ERR_INSECURE_RESPONSE because of BUILD_NOT_TIMELY on many SSL certs which are public

Bug #1641414 reported by Stuart Langridge
This bug affects 13 people
Affects: chromium-browser (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Bug filed upstream at https://bugs.chromium.org/p/chromium/issues/detail?id=664798# -- added here in case the issue is to do with Ubuntu packaging of chromium rather than an upstream bug.

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36

Example URL:
https://ir.ebaystatic.com/rtm/3/RTMS/Image/9739_UK_Retail_Q2_RefurbishedTechHub_BREC_300x130.jpg

Steps to reproduce the problem:
1. Visit https://ir.ebaystatic.com/rtm/3/RTMS/Image/9739_UK_Retail_Q2_RefurbishedTechHub_BREC_300x130.jpg
2. Observe the Chromium "Your connection is not private" window is shown; under advanced, it says "The server presented a certificate that was not publicly disclosed using the Certificate Transparency policy. This is a requirement for some certificates, to ensure that they are trustworthy and protect against attackers."

What is the expected behavior?
The image is displayed

What went wrong?
chrome://net-internals for this request shows:
CERT_CT_COMPLIANCE_CHECKED
build_timely = false
certificate = (snip)
ct_compliance_status = "BUILD_NOT_TIMELY"

The cert for this page seems to be publicly transparent: see https://crt.sh/?q=8E+31+45+71+77+40+9F+31+FC+CE+26+09+25+8B+E7+26+8E+A2+3C+9F+D3+77+80+A2+5B+10+3E+A4+68+DD+32+E1

Did this work before? Yes don't know; recently

Chrome version: 53.0.2785.143 Channel: stable
OS Version: Ubuntu 16.04
Flash Version: Shockwave Flash 22.0 r0

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: chromium-browser 53.0.2785.143-0ubuntu0.16.04.1.1254
ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
Uname: Linux 4.4.0-47-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Nov 13 14:43:20 2016
Desktop-Session:
 'ubuntu'
 '/etc/xdg/xdg-ubuntu:/usr/share/upstart/xdg:/etc/xdg'
 '/usr/share/ubuntu:/usr/share/gnome:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop'
Env:
 'None'
 'None'
InstallationDate: Installed on 2014-04-07 (951 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
Load-Avg-1min: 1.54
Load-Processes-Running-Percent: 0.1%
MachineType: ASUS All Series
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-47-generic.efi.signed root=UUID=ad1b3110-ee9a-4dac-839d-604080e0020d ro quiet splash vt.handoff=7
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to xenial on 2016-08-04 (101 days ago)
dmi.bios.date: 12/13/2013
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1707
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: Z87-A
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: PCS
dmi.chassis.type: 3
dmi.chassis.vendor: PC SPECIALIST
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1707:bd12/13/2013:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnZ87-A:rvrRev1.xx:cvnPCSPECIALIST:ct3:cvrChassisVersion:
dmi.product.name: All Series
dmi.product.version: System Version
dmi.sys.vendor: ASUS
etcconfigcpepperflashpluginnonfree:
 flashso="/usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so"
 flashversion=`strings $flashso 2> /dev/null | grep LNX | cut -d ' ' -f 2 | sed -e "s/,/./g"`
 CHROMIUM_FLAGS="$CHROMIUM_FLAGS --ppapi-flash-path=$flashso --ppapi-flash-version=$flashversion"
gconf-keys:
 /desktop/gnome/applications/browser/exec = b'/usr/bin/chromium-browser\n'
 /desktop/gnome/url-handlers/https/command = b'/usr/bin/chromium-browser %s\n'
 /desktop/gnome/url-handlers/https/enabled = b'true\n'
 /desktop/gnome/url-handlers/http/command = b'/usr/bin/chromium-browser %s\n'
 /desktop/gnome/url-handlers/http/enabled = b'true\n'
 /desktop/gnome/session/required_components/windowmanager = b''
 /apps/metacity/general/compositing_manager = b''
 /desktop/gnome/interface/icon_theme = b'gnome\n'
 /desktop/gnome/interface/gtk_theme = b'Clearlooks\n'
modified.conffile..etc.chromium-browser.default: [modified]
modified.conffile..etc.default.chromium-browser: [deleted]
mtime.conffile..etc.chromium-browser.default: 2015-01-30T10:24:11.730353
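
Added example, not part of the original report and not Chromium or Launchpad code: a small triage parser for net-internals text in the layout quoted under "What went wrong?", separating CERT_CT_COMPLIANCE_CHECKED events whose verdict is BUILD_NOT_TIMELY (or build_timely = false) from every other verdict, so a stale-build result is not mistaken for an unlogged certificate. The one-parameter-per-line layout is assumed from the excerpt above; the function names, the second sample event, its status value and the third event name are constructed.

```python
import re
from collections import Counter

EVENT = "CERT_CT_COMPLIANCE_CHECKED"
HEADER = re.compile(r"^[A-Z][A-Z0-9_]+$")                # event-name line
PARAM = re.compile(r'^\s*(?:-->\s*)?(\w+)\s*=\s*(.*)$')  # key = value line
# Constructed sample. The first event copies the report above; the second
# event, its status value and the third event name are made up for contrast.
SAMPLE = '''\
CERT_CT_COMPLIANCE_CHECKED
build_timely = false
certificate = (snip)
ct_compliance_status = "BUILD_NOT_TIMELY"
CERT_CT_COMPLIANCE_CHECKED
build_timely = true
certificate = -----BEGIN CERTIFICATE-----
(snip)
-----END CERTIFICATE-----
ct_compliance_status = "EXAMPLE_OTHER_STATUS"
EXAMPLE_UNRELATED_EVENT
build_timely = false
'''

def parse_ct_events(text):
    """Return one dict of parameters per CERT_CT_COMPLIANCE_CHECKED event.

    Lines that are neither an event name nor "key = value" (for example the
    body of a multi-line certificate) are treated as continuations.
    """
    events, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        param = PARAM.match(line)
        if param:
            if current is not None:
                current[param.group(1)] = param.group(2).strip().strip('"')
        elif HEADER.match(stripped.split()[-1] if stripped else ""):
            # New event header: collect parameters only for the CT check.
            current = {} if stripped.split()[-1] == EVENT else None
            if current is not None:
                events.append(current)
    return events

def classify(event):
    """Separate verdicts about the browser build from all other verdicts."""
    if (event.get("ct_compliance_status") == "BUILD_NOT_TIMELY"
            or event.get("build_timely") == "false"):
        return "build-not-timely"
    return "other-status"

def summarize(text):
    return Counter(classify(e) for e in parse_ct_events(text))
```
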

Stuart Langridge (sil) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed