[squid-users] Chrome 58+: only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate
Flashdown
flashdown at data-core.org
Thu May 18 09:41:38 UTC 2017
Dear Eliezer,
Please have look into http://bugs.squid-cache.org/show_bug.cgi?id=4711
the patches for this issue are already done. Many thx to Christos
Tsantilas!
@Amos: I hope you consider adding the patch to Squid 3.5 as well, since
for now it just has been added to Squid 4, maybe the reason is a testing
period or something similar. Would be nice to get an update like will be
added into upcoming release 3.5.xx :)
Am 2017-05-18 11:05, schrieb Eliezer Croitoru:
> Hey List,
>
> Since one of the subjects is SSL and specifically SSL-BUMP I noticed a
> change today and found out that:
> For Chrome 58 and later, only the subjectAlternativeName extension, not
> commonName, is used to match the domain name and site certificate.
> If the certificate doesn’t have the correct subjectAlternativeName
> extension, users get a NET::ERR_CERT_COMMON_NAME_INVALID error letting
> them
> know that the connection isn’t private.
>
> Google source:
> https://support.google.com/chrome/a/answer/7391219?hl=en
>
> So if someone will see something weird... it might not even be related
> directly to squid!
>
> Regards,
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list