Issue 606830

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2016
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Security




v1 cert can be used as CA

Reported by i...@leonklingele.de, Apr 26 2016

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36

Steps to reproduce the problem:
1. Run these commands: https://gist.github.com/leonklingele/d3c3c4822a2ba886e8c2023b944e2dbd
2. Add `ca-public.crt` to your system trust-store
3. Use `host-private.key` and `host-public.crt` on a virtual host (consider using the same Common Name you used when creating `host-request.csr`)

What is the expected behavior?
- Certificate for this virtual host should not be trusted (like in Firefox, you get a warning: "Error: MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA")

What went wrong?
- Certificate is trusted

Did this work before? N/A 

Chrome version: 50.0.2661.86  Channel: stable
OS Version: OS X 10.11.4
Flash Version: Shockwave Flash 21.0 r0
 

Comment 1 by rsesek@chromium.org, Apr 26 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
This is working as intended. Chrome uses the system trust store rather than a built-in one, so adding a new root to the trust store will trust certificates signed by it.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
