New issue
Advanced search Search tips

Issue 756026 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

chrome block access to https://wiki.xiph.org

Reported by bau...@gmail.com, Aug 16 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.39 Safari/537.36

Steps to reproduce the problem:
1. open https://wiki.xiph.org/Opus_Recommended_Settings

What is the expected behavior?
display page (same as firefox, Opera, Internet explorer)

What went wrong?
page not displayed, and no option to pass alert!
-I will not sent private secret data, Even with a shit certificate, I want to display the page .. unless the site is in the HSTS list (but here it is not), just see website to search information!

-detail display PEM encoded chain! Bizarre to have an info so technical, while Chrome chose not to even show the link to the certificate (however thanks for the flags that allows to activate this)

Did this work before? N/A 

Chrome version: 61.0.3163.39  Channel: beta
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIGvDCCBaSgAwIBAgIQJetgAdAsEo3gbgtfvXEJATANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDIgSVYgU2VydmVyIENBMB4XDTE2MDMzMTIxNDU1MFoXDTE4MDMz
MTIxNDU1MFowZTELMAkGA1UEBhMCQ0ExGTAXBgNVBAgMEEJyaXRpc2ggQ29sdW1i
aWExEjAQBgNVBAcMCVZhbmNvdXZlcjEUMBIGA1UECgwLUmFscGggR2lsZXMxETAP
BgNVBAMMCHhpcGgub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
2YE/LWrlc+6GWUkxV4zvkUkXImYQhMMDvfp2OS0q2VK/zOJxca5vVjhI0f9zuJZi
4Iz8u7ZSzWeh3JQv8PVbPlUIE9vPC8vtbPLxcQZs91CtQgSb2nY2Nt1T4Bu0bRBn
KhfSRp4RiVySnlnOUr9zAOTKyPQJXn0q1E98KrqZcX9J7b9A7ng7VVLqEv46Q9E+
BisHRY8TeqMPbQ65UechweHojg9iOYxyiCY5zFjpweYGRs+5wtL4KLT/u1tdGfdN
dB11HttlrPdosRE/UPQo7dcHzID9iRu2Wv51xQarfTB+qhibFxzyj0vGC0VHKA+m
1+AiNTMeEVjExijUBFRz/QIDAQABo4IDUzCCA08wDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAJBgNVHRMEAjAAMB0GA1UdDgQW
BBRdh8APNKTFsSKkPkTciwAY9SP/GzAfBgNVHSMEGDAWgBSU3oVBKqXZRfZgLC5M
kwmmLCN+PjBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
LnN0YXJ0c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2FpYS5zdGFydHNzbC5j
b20vY2VydHMvc2NhLnNlcnZlcjIuY3J0MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIyLmNybDAtBgNVHREEJjAkggh4
aXBoLm9yZ4IMd3d3LnhpcGgub3JnggoqLnhpcGgub3JnMCMGA1UdEgQcMBqGGGh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tLzBQBgNVHSAESTBHMAgGBmeBDAECAzA7Bgsr
BgEEAYG1NwECBTAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNv
bS9wb2xpY3kwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AM21F5t/wcBG/uox
E2o/jwAuYYL6+Ilv7Miy9bWrYEkAAAABU87T1fYAAAQDAEcwRQIhAMjSMk8S7QU1
TpAdlWsKmV0VtX5Od3cBmOcXSj61NBqrAiB5HDObnrfiUyTdZMgTh+WV6P4ZttmU
ssz+WCPOzqUHJQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAAB
U87T4hsAAAQDAEgwRgIhAOAffNdyTTRLXlsUrlFXo5yTHv8vdnqpr8apjTMK5sP+
AiEA74felzao3YYZl2S8BvXtUPc4MOayKQJSam/qGjXecGEAdwDuS723dc5guuFC
aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVPO0+byAAAEAwBIMEYCIQCbKeI1U8UE
PU7gYiumZ0avEbZzHAJxboxgshLy/X/7kAIhAN3nunDBvIsFY6pxtbjWLu/7VBwM
aHHUxyIiIEkezJUNMA0GCSqGSIb3DQEBCwUAA4IBAQAoy7ba4dc2rtKpGMqwivbv
+HwcP9z41jjRQYrXUnrYdn44IXUt6g1ryiPMvd/VShS9VCwmyrbir8OhW8tbZLLW
zadWdzPyjLjpAedaE+MHxIP5uX8EqJ/NlQWl1UPtDCXcA0gqaS3uaLljNJuagxkb
PvJUX1OcKdgqdYUELmr8htLZSxnJfBTVCHx8+zB44ZqsYQjqs7IaDiTFi9rkDihr
372CKOi23fZSaRdN0+Ifxva6T68QOFRN38fVbo9vGEnIljPFgpsdPOyjm40ajv0K
jbVv9hEsE4+KrWZ0tbUz+RU5qVUDVbbBYFOvQB7Fj1jiXfPiKpwtDEp5J6sjLcGY
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF5TCCA82gAwIBAgIQJkO7MqFmSHrhnWx5xD/iZjANBgkqhkiG9w0BAQsFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTUxMjE2MDEwMDA1WhcN
MzAxMjE2MDEwMDA1WjB4MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
JjAkBgNVBAMTHVN0YXJ0Q29tIENsYXNzIDIgSVYgU2VydmVyIENBMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL29gjx6E467y4OsHo42TCn1rC7JXUnv
epzPE9KLbJiQi63JSLTr/QVGjhWFQBhqwXKlyTyBNGoOuV+yRoimqkPDdV6ZdnIn
RwmKAnVhvMVd2WXeqSJtq5STa2nuOnLTwYBnyVsOIo9YdnvFhDXAGjQ3hXWQIq00
f43XE8Fik+9EUG/oF7VLlIACAJnhotAj2dR2TvQmyBbEEN2PhLH3WANZklMbao2c
sASqSwyOmAB5+35nSagpMYuuVa4ZSnm2EaF8emLxiiFK5InCBZjRG4u+YLrEv7+m
KrnHOMVWkOE7mzKxtuHFYW2LRB++eJGLUdn1KiviZDS/ofOhIhfstwIDAQABo4IB
ZDCCAWAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDATASBgNVHRMBAf8ECDAGAQH/AgEAMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL3Nmc2NhLmNybDBmBggrBgEFBQcBAQRaMFgwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbTAwBggrBgEFBQcwAoYk
aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvY2EuY3J0MB0GA1UdDgQWBBSU
3oVBKqXZRfZgLC5MkwmmLCN+PjAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD
0EGu8jA/BgNVHSAEODA2MDQGBFUdIAAwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vcG9saWN5MA0GCSqGSIb3DQEBCwUAA4ICAQC16kMuZh8h
lVsgzybaIix2qySQFU+rPgqSqeyrDSmJwpDbaKjwakm6LJ2DLX5MRFjNPCh+ArQf
CU1UUJa65n7UaQWt6q8kUwifHcIn+fFJdNV3N4zdvlKxwveqBSQZiXeIUO/hHr1U
i7Gw6s0On+K0fD9oNcgCRR3vPicB2frK7BhOFje6xowsWexxPfJHI69lCq73O7Ke
xXqp/V8f8uGF8L4KU3xW6RDG57RrXh5+LNxUQmZ2tIAaPyHTND5zbxff8Z/ZbgGG
HKbsuPkAUIG+bHpq5b6bf2x2NxMhqYSMI+GJJ9FmmiCV+P3+0ywBYGNhJkcFUYvo
SUduHz+/RXd6G/ejrvKp58rbZ9iCISLZjpo5gYEfLIl6IQJcZPM8FIWKLKhtIoKX
5ctNL3epV4DzIDZxLaSruEBQFeDQj6p/74pUYLQBP523anf6StXBtYgbfImRoIh4
I8L85aB/TUyLOJA/sKx/WFrXOxE9K4q+Pf5tq3gzZEchM/btMYn1cw1GPUt4nHya
zS52LrP0+Q77ao1Gza9svd8HE1NZ9NIVJO71QskqjxvGiTt048r4gLSXaM1zP2w9
nMsIw1IpxXE8h9UHAllgh8oNHno5I9nLfynbEhXxGy9RlfcLN/J8iOqyagfgxrUy
DPKMh5xGeLKMQSzjyQ1bV0WGC1JmJp+QDQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
-----END CERTIFICATE-----
chrome-block-xiph.png
64.8 KB View Download

Comment 1 by pauljensen@chromium.org, Aug 16 2017

Components: -UI Internals>PageSecurityState
"Beginning with Chrome 56, certificates issued by WoSign and StartCom after October 21, 2016 00:00:00 UTC will not be trusted."
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

Comment 2 by bau...@gmail.com, Aug 16 2017 

yes but this website work fine last month with chrome.
And not trusted is not 'NET::ERR_CERT_REVOKED'; And why prevent access?
I trust Startcom; Google will not force users of Startcom to switch on Let'sEncrypt (from Google)?

Comment 3 by pauljensen@chromium.org, Aug 16 2017

Components: Internals>Network>SSL

Comment 4 by rsleevi@chromium.org, Aug 16 2017

Components: -Internals>Network>SSL -Internals>PageSecurityState Internals>Network>Certificate
Status: WontFix (was: Unconfirmed)
As noted in https://security.googleblog.com/2017/07/final-removal-of-trust-in-wosign-and.html , trust in the CAs operated by StartCom and WoSign have been removed due to serious lapses of security that leave users at risk.

This is the conclusion of the gradual removal, communicated initially via the link in Comment 1.

You have a choice of any CA still trusted by Chrome. Chrome does not require to use any particular CA, but does remove trust from certain CAs, regardless of OS settings, as described in https://www.chromium.org/Home/chromium-security/root-ca-policy , if those CAs put users at risk.

Comment 5 by bau...@gmail.com, Aug 16 2017 

Again, a clear view of the abuse of dominance! Completely block access to websites instead of simply indicating a certificate issue for Google. thanks

Comment 6 by bau...@gmail.com, Aug 16 2017 

Moreover, if Chrome wishes to manage the certificates, it would be good not to depend on the system store. Especially when it is not respected. And make chrome certificat store (see firefox)

Comment 7 by bau...@gmail.com, Aug 16 2017 

startcom -> letsencrypt
chrome-letsencrypt.png
2.4 KB View Download

Sign in to add a comment