squid 3.3.8 serves duplicate certificates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Squid |
Unknown
|
Unknown
|
|||
squid3 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Trusty |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Hi,
It seems squid 3.3.8 packaged in Trusty has a bug that serves the certificate twice. This is shown below:
OpenSSL:
| [hloeung@dharkan tmp]$ echo "" | openssl s_client -connect assets.
| CONNECTED(00000003)
| depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
| verify return:1
| depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
| verify return:1
| depth=0 C = GB, L = London, O = Canonical Group Ltd, OU = IS, CN = assets.ubuntu.com
| verify return:1
| ---
| Certificate chain
| 0 s:/C=GB/
| i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
| 1 s:/C=GB/
| i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
| 2 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
| i:/C=US/O=DigiCert Inc/OU=
| ---
GnuTLS:
| [hloeung@dharkan tmp]$ gnutls-cli --x509cafile /etc/ssl/
| ...
| - Certificate[0] info:
| - subject `CN=assets.
| - Certificate[1] info:
| - subject `CN=assets.
This is fixed in upstream squid 3.3.9 per changelog[1] below:
Changes to squid-3.3.9 (11 Sep 2013):
- Bug 3849: Duplicate certificate sent when using https_port
Any chance we could get this fix backported?
Thanks,
Haw
Changed in squid3 (Ubuntu): | |
status: | New → Won't Fix |
Changed in squid3 (Ubuntu Trusty): | |
status: | New → Won't Fix |
https:/ /github. com/squid- cache/squid/ commit/ 684bc9f28823682 8721498f919cb7b d719f96857