Issue 720070

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 700140
Owner: ----
Closed: May 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug




Certificate Error: "website sent scrambled credentials"

Reported by raulc...@gmail.com, May 9 2017

Issue description

Chrome Version       : 57.0.2987.133
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
URLs (if applicable) : Local IP of device
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5:
  Firefox 4.x: OK
     IE 7/8/9: OK

What steps will reproduce the problem?
1.  Locally signed certificate on device running Apache.
2.  browse to HTTPS://LAN IP

Receive page:

172.27.9.62 normally uses encryption to protect your information. When Google Chrome tried to connect to 172.27.9.62 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 172.27.9.62, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit 172.27.9.62 right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later. Learn more.

What is the expected result?

Allow user to continue to site after initial warning.

What happens instead of that?

No access to the site.  Cannot continue past the warning page.



Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36



 
chrome-net-export-log.json

Comment 1 by raulc...@gmail.com, May 9 2017

Screen shot
error page screen shot.png

Comment 2 by raulc...@gmail.com, May 9 2017

2017599: SOCKET
ssl/172.27.9.62:443
Start Time: 2017-05-09 12:29:48.762

t=7965 [st= 0] +SOCKET_ALIVE  [dt=15]
                --> source_dependency = 2017598 (TRANSPORT_CONNECT_JOB)
t=7965 [st= 0]   +TCP_CONNECT  [dt=2]
                  --> address_list = ["172.27.9.62:443"]
t=7965 [st= 0]      TCP_CONNECT_ATTEMPT  [dt=2]
                    --> address = "172.27.9.62:443"
t=7967 [st= 2]   -TCP_CONNECT
                  --> source_address = "172.27.9.68:61024"
t=7967 [st= 2]   +SOCKET_IN_USE  [dt=13]
                  --> source_dependency = 2017597 (SSL_CONNECT_JOB)
t=7967 [st= 2]     +SSL_CONNECT  [dt=13]
t=7967 [st= 2]        SOCKET_BYTES_SENT
                      --> byte_count = 183
t=7975 [st=10]        SOCKET_BYTES_RECEIVED
                      --> byte_count = 1347
t=7978 [st=13]        SOCKET_BYTES_SENT
                      --> byte_count = 126
t=7980 [st=15]        SOCKET_BYTES_RECEIVED
                      --> byte_count = 258
t=7980 [st=15]        SSL_CERTIFICATES_RECEIVED
                      --> certificates =
t=7980 [st=15]     -SSL_CONNECT
                    --> net_error = -207 (ERR_CERT_INVALID)
t=7980 [st=15]      SOCKET_CLOSED
t=7980 [st=15]   -SOCKET_IN_USE
t=7980 [st=15] -SOCKET_ALIVE

Comment 3 by raulc...@gmail.com, May 9 2017

Certificate is signed by the device manufacturer as the CA; the cert is used for web filtering and SSL decryption/inspection in corporate environments. Firefox gives the message:

172.27.9.62 uses an invalid security certificate. The certificate is not valid for the name 172.27.9.62. Error code: SSL_ERROR_BAD_CERT_DOMAIN

But it will allow you to add an exception and continue.

Comment 4 by ajha@chromium.org, May 10 2017

Components: Internals>Network>Certificate
Labels: Needs-Milestone

Comment 5 by mattm@chromium.org, May 10 2017

Mergedinto: 700140
Status: Duplicate (was: Unconfirmed)
Like in issue 700140, this is a v1 certificate being rejected by the underlying crypto library. You should ask the device manufacturer for an update to resolve the issue.

(Attached text version of cert for reference.)
720070.pem
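
An added example, not part of the original thread and not Chromium code: a way to confirm the "v1 certificate" diagnosis from Comment 5 by reading the version field directly from the certificate's DER encoding. It relies on the RFC 5280 definition, where `version` is an optional `[0] EXPLICIT INTEGER` that defaults to v1 when absent. The function names and the two sample byte strings are constructed for illustration.

```python
import base64, re

def read_tlv(buf, pos, end):
    """Parse one DER TLV inside buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER value overruns its container")
    return tag, pos, pos + length

def x509_version(der):
    """Return the certificate version (1, 2 or 3) of a DER-encoded Certificate."""
    tag, start, end = read_tlv(der, 0, len(der))      # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, end = read_tlv(der, start, end)       # TBSCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("TBSCertificate missing")
    tag, vstart, vend = read_tlv(der, start, end)     # first TBS field
    if tag == 0x02:                                   # serialNumber first: version omitted
        return 1
    if tag != 0xA0:
        raise ValueError("unexpected first TBSCertificate field")
    tag, istart, iend = read_tlv(der, vstart, vend)   # INTEGER inside [0] EXPLICIT
    if tag != 0x02 or iend - istart != 1 or der[istart] > 2:
        raise ValueError("malformed version field")
    return der[istart] + 1                            # encoded 0/1/2 means v1/v2/v3

def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def tlv(tag, body):
    """Encode a short (<128 byte) DER TLV; used only to build the samples below."""
    return bytes([tag, len(body)]) + body

# Constructed skeletons (not real certificates): only the leading TBS fields are present.
SERIAL = tlv(0x02, b"\x01")
V1_SAMPLE = tlv(0x30, tlv(0x30, SERIAL))
V3_SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + SERIAL))
```

Calling `x509_version(pem_to_der(text))` on the contents of an exported appliance certificate shows whether it is v1 before the vendor is asked to reissue it.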