On 28/08/14 04:43, Amos Jeffries wrote:
>
> * Various SSL-bump certificate mimic errors
>
> These bugs show up most notably for users of Firefox complaining about
> a sec_error_inadequate_key_usage error. They are caused by Squid
> generating a fake certificate with the wrong X.509 version details for
> the TLS extensions being mimiced in that certificate.
>
Hi there, I've just upgraded from 3.4.6 to 3.4.7 and at first it didn't
seem to have fixed the sslbump problem
eg this link still generates the "sec_error_extension_value_invalid" error
So I was about to put in a bug report when I realised something: I'd
still have the pre-existing "corrupt" Squid-generated cert in the
cache! So I manually deleted all boxcdn.net certs I had, restarted
squid and it's all fixed ;-)
Just thought I'd share that - I probably won't be the only one who gets
that wrong ;-)
Other than wiping out the entire cert cache, is there any "openssl x509
..." command I could run to hunt down all similar broken certs - so I
only delete them?
Thanks!
-- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1Received on Sat Aug 30 2014 - 21:38:32 MDT
This archive was generated by hypermail 2.2.0 : Sun Aug 31 2014 - 12:00:06 MDT