Issue 770167 link

Starred by 2 users

Issue metadata

Status:	Archived
Owner:	----
Closed:	Oct 2017
Components:	Internals>Network>Certificate Internals>Network>SSL
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	3
Type:	Bug
Needs-Feedback

chrome: ERR_SSL_SERVER_CERT_BAD_FORMAT accessing google.com a other like this.

Reported by gratini...@gmail.com, Sep 29 2017

Issue description

Chrome Version       : <Copy from: 'about:version'>
OS Version: 10.0
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5:
  Firefox 4.x:
     IE 7/8/9:

What steps will reproduce the problem?
1.
2.
3.

What is the expected result?


What happens instead of that?


Please provide any additional information below. Attach a screenshot if
possible.

chrome-net-export-log.json
69.7 KB View Download

Comment 1 by mef@chromium.org, Sep 29 2017

Components: Internals>Network>Certificate Internals>Network>SSL

The actual URL is https://www.google.es/ and the netlog does indeed show ERR_SSL_SERVER_CERT_BAD_FORMAT:

392: SOCKET
ssl/www.google.es:443
Start Time: 2017-09-29 08:00:58.661

t=  5 [st=  0] +SOCKET_ALIVE  [dt=542]
                --> source_dependency = 386 (TRANSPORT_CONNECT_JOB)
t=  5 [st=  0]   +TCP_CONNECT  [dt=0]
                  --> address_list = ["108.177.119.94:443"]
t=  5 [st=  0]      TCP_CONNECT_ATTEMPT  [dt=0]
                    --> address = "108.177.119.94:443"
t=  5 [st=  0]   -TCP_CONNECT
                  --> source_address = "127.0.0.1:49583"
t=  5 [st=  0]   +SOCKET_IN_USE  [dt=542]
                  --> source_dependency = 385 (SSL_CONNECT_JOB)
t=  5 [st=  0]     +SSL_CONNECT  [dt=542]
t=  5 [st=  0]        SSL_HANDSHAKE_MESSAGE_SENT
                      --> hex_encoded_bytes =
                        01 00 00 C0 03 03 EE 68  E6 2C F7 27 3A 36 2A A0   .  ....h.,.':6*.
                        92 3C AE 76 8D EE 44 BA  DF BC 96 48 E4 11 79 2D   .<.v..D....H..y-
                        42 E8 8A 2B 15 FC 00 00  1C EA EA C0 2B C0 2F C0   B..+..  ....+./.
                        2C C0 30 CC A9 CC A8 C0  13 C0 14 00 9C 00 9D 00   ,.0........ . . 
                        2F 00 35 00 0A 01 00 00  7B EA EA 00 00 FF 01 00   / 5 ..  {..  .. 
                        01 00 00 00 00 12 00 10  00 00 0D 77 77 77 2E 67   .    . .  .www.g
                        6F 6F 67 6C 65 2E 65 73  00 17 00 00 00 23 00 00   oogle.es .   #  
                        00 0D 00 14 00 12 04 03  08 04 04 01 05 03 08 05    . . ...........
                        05 01 08 06 06 01 02 01  00 05 00 05 01 00 00 00   ........ . ..   
                        00 00 12 00 00 00 10 00  0E 00 0C 02 68 32 08 68     .   . . ..h2.h
                        74 74 70 2F 31 2E 31 75  50 00 00 00 0B 00 02 01   ttp/1.1uP   . ..
                        00 00 0A 00 0A 00 08 6A  6A 00 1D 00 17 00 18 2A     . . .jj . . .*
                        2A 00 01 00                                        * . 
                      --> type = 1
t=  5 [st=  0]        SOCKET_BYTES_SENT
                      --> byte_count = 201
t= 18 [st= 13]        SOCKET_BYTES_RECEIVED
                      --> byte_count = 809
t= 18 [st= 13]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        02 00 00 35 03 03 CA 21  29 58 9F A4 30 6B 94 B2   .  5...!)X..0k..
                        7C E2 7C 4D 70 D5 06 D3  CD 6E 54 5A FC 4C C2 18   |.|Mp....nTZ.L..
                        88 D7 76 C9 88 EB 00 00  9C 00 00 0D 00 00 00 00   ..v...  .  .    
                        FF 01 00 01 00 00 23 00  00                        .. .  #  
                      --> type = 2
t= 18 [st= 13]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        0B 00 02 D9 00 02 D6 00  02 D3 30 82 02 CF 30 82   . .. .. ..0...0.
                        01 B7 02 04 D7 29 AA FC  30 0D 06 09 2A 86 48 86   .....)..0...*.H.
                        F7 0D 01 01 0B 05 00 30  22 31 10 30 0E 06 03 55   ...... 0"1.0...U
                        04 0A 0C 07 4B 61 79 7A  79 63 66 31 0E 30 0C 06   ....Kayzycf1.0..
                        03 55 04 03 0C 05 44 79  75 64 6F 30 1E 17 0D 31   .U....Dyudo0...1
                        37 30 39 32 38 30 37 33  36 32 36 5A 17 0D 31 38   70928073626Z..18
                        30 39 32 39 30 37 33 36  32 36 5A 30 18 31 16 30   0929073626Z0.1.0
                        14 06 03 55 04 03 0C 0D  77 77 77 2E 67 6F 6F 67   ...U....www.goog
                        6C 65 2E 65 73 30 82 01  22 30 0D 06 09 2A 86 48   le.es0.."0...*.H
                        86 F7 0D 01 01 01 05 00  03 82 01 0F 00 30 82 01   ....... .... 0..
                        0A 02 82 01 01 00 CD 64  1F B7 85 C2 A4 17 04 95   ..... .d........
                        FE 77 F5 8F EA D7 96 2F  42 C0 15 FF BF 1D 63 03   .w...../B.....c.
                        2B F3 F8 A6 72 34 35 A4  68 2D 9B 40 16 15 7F 42   +...r45.h-.@...B
                        4A 86 F1 0E 43 C9 29 C0  8A 5B F7 C0 87 1F 84 69   J...C.)..[.....i
                        3C D9 31 43 41 AB DA F9  FD 3F 8F 19 4D F8 03 13   <.1CA....?..M...
                        D4 FA CF 10 A7 4A C2 7F  0A 6E 54 6B F6 DB D7 6D   .....J...nTk...m
                        4C A7 F5 14 E8 DF F2 E2  4C 5D 41 BB CD 24 39 C9   L.......L]A..$9.
                        53 DF FE 6F 6F 32 25 38  30 EE BF 16 1E 25 42 2D   S..oo2%80....%B-
                        D2 9D A9 4A 7F E6 5F ED  A9 55 D8 43 25 1C 76 1E   ...J.._..U.C%.v.
                        AC 40 BF 9D 7D 42 80 F3  CA 7A 96 06 E3 E1 47 4D   .@..}B...z....GM
                        F4 9D 44 06 0D AD 24 4D  A9 C6 CE 85 29 0D DA 65   ..D...$M....)..e
                        BE 80 5D D1 5C E2 9E E3  71 92 A2 C7 2E 99 16 CC   ..].\...q.......
                        7D FF 40 00 BF 75 7C 0F  F0 AF F1 A4 57 29 53 F5   }.@ .u|.....W)S.
                        2C 7E EC F2 17 98 C3 9B  C2 A4 9F A1 F4 B4 05 43   ,~.............C
                        75 E7 53 69 97 B4 95 9D  93 3E BF D2 A9 C1 C8 9D   u.Si.....>......
                        43 11 A4 8D 62 20 92 D2  F3 CC 4A 9C 7C A3 F1 0B   C...b ....J.|...
                        CB 94 23 6E D2 7D 02 03  01 00 01 A3 1C 30 1A 30   ..#n.}... ...0.0
                        18 06 03 55 1D 11 04 11  30 0F 82 0D 77 77 77 2E   ...U....0...www.
                        67 6F 6F 67 6C 65 2E 65  73 30 0D 06 09 2A 86 48   google.es0...*.H
                        86 F7 0D 01 01 0B 05 00  03 82 01 01 00 26 6A 31   ....... .... &j1
                        8B 93 2C 0F C9 03 F6 5F  8A 99 F3 15 4F 23 87 04   ..,...._....O#..
                        E0 E6 2F 0C 62 58 3D BF  A9 99 A8 AD 63 B4 40 D2   ../.bX=.....c.@.
                        60 52 9E C4 4B B1 CF F4  F7 60 2F 36 E6 40 86 6F   `R..K....`/6.@.o
                        47 B8 60 CC B1 40 EA 9A  21 D6 8A CD 94 17 3A 50   G.`..@..!.....:P
                        68 CB 95 82 84 BD F7 75  A6 DE DF 65 3C E1 E0 63   h......u...e<..c
                        EB 05 67 F3 C6 49 7C 6D  85 FB 60 A2 5C D9 4D 18   ..g..I|m..`.\.M.
                        15 79 2C 23 6F DB 55 9E  47 9D 6B FB 1E 5A B2 EC   .y,#o.U.G.k..Z..
                        83 7F 2F 25 88 BE B1 63  B1 64 49 1A BE 50 8C B8   ../%...c.dI..P..
                        81 33 85 36 4C 95 1C 4C  5D 7B 71 7E 75 DD 9E AC   .3.6L..L]{q~u...
                        7C 69 A1 F6 B2 D1 3E AB  35 22 F2 06 49 76 57 09   |i....>.5"..IvW.
                        5B 0F 0A F3 A8 01 92 36  9E A7 95 2B E8 74 98 CB   [......6...+.t..
                        7B C2 56 64 73 69 50 AA  F0 3C 10 C1 44 35 54 19   {.VdsiP..<..D5T.
                        59 15 9C 16 24 AE 8B 8B  9D 96 AC DB BC 4C A7 B7   Y...$........L..
                        B2 2B 9C C3 B6 D0 23 70  99 DA 29 4A 0B DD C0 47   .+....#p..)J...G
                        52 65 C1 BC 86 59 EC 6B  2D 57 16 C8 7A BD FF FF   Re...Y.k-W..z...
                        34 F1 31 F7 2E EA C3 30  5D 06 DD A6 11            4.1....0]....
                      --> type = 11
t= 19 [st= 14]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        0E 00 00 00                                        .   
                      --> type = 14
t= 19 [st= 14]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        0E 00 00 00                                        .   
                      --> type = 14
t= 19 [st= 14]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        0E 00 00 00                                        .   
                      --> type = 14
t= 19 [st= 14]        SSL_HANDSHAKE_MESSAGE_SENT
                      --> hex_encoded_bytes =
                        10 00 01 02 01 00 0D 70  96 A9 84 6A 5B E0 F1 21   . ... .p...j[..!
                        08 47 DA 36 87 7E EF 12  48 C2 A2 76 E4 71 52 98   .G.6.~..H..v.qR.
                        47 F6 3F 2B 6C 13 DB D1  3A A6 D7 57 57 CC C2 FF   G.?+l...:..WW...
                        35 09 AD 00 B0 6D DA 8D  78 98 FD 56 7C A4 9F 14   5.. .m..x..V|...
                        53 0C 73 6B 78 12 8C 3C  39 2C C9 56 4E DA E9 56   S.skx..<9,.VN..V
                        96 2A 8B D3 37 F7 4C 96  92 AC 1E 57 79 53 C6 CA   .*..7.L....WyS..
                        D4 97 03 03 86 4C 03 F2  C1 96 12 98 D1 B4 54 98   .....L........T.
                        F8 8B BF D4 F1 35 C5 D4  15 63 6B 80 62 17 B2 5D   .....5...ck.b..]
                        22 70 38 F5 58 DA 0F 96  16 89 58 1D 45 95 FD 7C   "p8.X.....X.E..|
                        20 94 65 7C A1 85 35 89  AD 3B 6A E1 9C E0 4A E2    .e|..5..;j...J.
                        34 4B 3E E6 03 3F 3D 92  C7 5E E5 67 38 A0 FC 27   4K>..?=..^.g8..'
                        0E 21 B9 D7 2C 57 53 20  F7 FE 18 89 B4 0C F8 58   .!..,WS .......X
                        34 41 6E 4C B8 BD C5 1D  02 E3 D5 EA C3 3C 5E 66   4AnL.........<^f
                        11 D5 4E 79 9A 58 39 12  CC 43 FF 82 A4 BE EA 06   ..Ny.X9..C......
                        DC C4 A1 97 25 C9 C4 9C  FD E6 3D E2 04 F2 8B 36   ....%.....=....6
                        20 28 5E E7 40 56 38 05  8F 3F E4 AE 3C 62 9D 5F    (^.@V8..?..<b._
                        4F 49 7E 15 3D 39                                  OI~.=9
                      --> type = 16
t= 19 [st= 14]        SSL_HANDSHAKE_MESSAGE_SENT
                      --> hex_encoded_bytes =
                        14 00 00 0C A2 94 D3 4E  5B 60 25 BA AA B0 39 24   .  ....N[`%...9$
                      --> type = 20
t= 19 [st= 14]        SOCKET_BYTES_SENT
                      --> byte_count = 318
t=547 [st=542]        SOCKET_BYTES_RECEIVED
                      --> byte_count = 242
t=547 [st=542]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        04 00 00 B6 00 00 01 2C  00 B0 B3 73 D1 6F 79 A1   .  .  ., ..s.oy.
                        BE 6A 50 36 4C 85 48 C4  02 5A B2 BD 07 5D 93 DB   .jP6L.H..Z...]..
                        6C B2 DA C3 D9 57 32 66  54 E6 1B 21 20 7E FD CC   l....W2fT..! ~..
                        EA 6F DD 62 FD D5 6A 99  EB B8 16 75 4D 05 4F 55   .o.b..j....uM.OU
                        F7 72 5D BA 94 68 1A 92  5A 00 52 A6 07 91 1B F4   .r]..h..Z R.....
                        6B 1E A4 F4 FA 5F F4 0F  BC B5 FA 7D 79 22 96 20   k...._.....}y". 
                        7D 61 0D 85 17 9D EC E3  6C A5 9E 9C 66 C5 3E 77   }a......l...f.>w
                        A5 04 D1 1D 85 AA 54 C0  1B A7 2B 0A E9 59 ED B0   ......T...+..Y..
                        8B E9 1C 66 47 64 EE F2  D5 E1 A9 96 83 EC 9B 8A   ...fGd..........
                        F8 A1 01 8A 10 53 04 30  D9 72 8D EC E7 6B 71 76   .....S.0.r...kqv
                        DF 1A 81 63 27 3E 09 AD  42 1D DB A0 52 32 29 99   ...c'>..B...R2).
                        2A 16 3F 21 C9 EF 24 84  8A BB                     *.?!..$...
                      --> type = 4
t=547 [st=542]        SSL_HANDSHAKE_MESSAGE_RECEIVED
                      --> hex_encoded_bytes =
                        14 00 00 0C CB 62 2A EF  A4 59 28 D8 24 70 89 A5   .  ..b*..Y(.$p..
                      --> type = 20
t=547 [st=542]     -SSL_CONNECT
                    --> net_error = -167 (ERR_SSL_SERVER_CERT_BAD_FORMAT)
t=547 [st=542]      SOCKET_CLOSED
t=547 [st=542]   -SOCKET_IN_USE
t=547 [st=542] -SOCKET_ALIVE

Comment 2 by mattm@chromium.org, Sep 29 2017

Labels: Needs-Feedback

gratiniano: do you have any sort of antivirus or security product installed which scans TLS traffic? If so, disabling that should fix it.

If not, I'm guessing this is some sort of malware.


Details:

Looks like the same type of MITM as https://bugs.chromium.org/p/chromium/issues/detail?id=767072#c10

Invalid certificate (Version 1 with extensions)
Issuer which is O and CN of apparently random-ish words. In this case:
Issuer: O=Kayzycf, CN=Dyudo

770167.pem
6.2 KB Download

Comment 3 by wangyix@chromium.org, Oct 10 2017

gratiniano@, were you able to try the suggestion in comment #2?

Comment 4 by mattm@chromium.org, Oct 20 2017

Status: Archived (was: Unconfirmed)

Closing due to lack of feedback. If you do discover what was causing it, please let us know though.

►

Issue 770167 link

Issue metadata

chrome: ERR_SSL_SERVER_CERT_BAD_FORMAT accessing google.com a other like this.

Issue description

Comment 1 by mef@chromium.org, Sep 29 2017

Comment 1 Deleted

Comment 2 by mattm@chromium.org, Sep 29 2017

Comment 2 Deleted

Comment 3 by wangyix@chromium.org, Oct 10 2017

Comment 3 Deleted

Comment 4 by mattm@chromium.org, Oct 20 2017

Comment 4 Deleted

Sign in to add a comment