Flash falls back to rtmp when using rtmps with Intermediate CA
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
flashplugin-nonfree (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
This is an upstream issue with Flash on Linux. Reporting this to Adobe directly on September 24 (Bug 3335863 on https:/
This has now been confirmed in both 11.2.202.238 and 11.2.202.243 on Ubuntu.
The full bug is as follows:
rtmps fails on Linux if using a certificate signed with an Intermediate CA, falling back to rtmp if default ports haven't been changed.
Steps to Reproduce:
rtmps with proxyType="best" using stunnel with Intermediate Server CA (tested with: StartCom Class 1 Primary Intermediate Server CA)
http://
Actual Result:
NetConnection.
- fails with Unknown CA, despite Intermediate CA being in the Server Hello (confirmed with wireshark).
Expected Result:
NetConnection.
Any Workarounds:
1. Add Intermediate certificate to the browser's certificate pool.
2. Use a different Operating System. rtmps (rtmp over tls) works on Windows, I haven't tried other Linux distributions.
3. Use Google Chrome on Linux (Pepper-based Flash Player - version 11.4.31.110)
security vulnerability: | yes → no |
visibility: | private → public |
Status changed to 'Confirmed' because the bug affects multiple users.