New issue
Advanced search Search tips

Issue 830162 link

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 823665
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Certificate Transparency is not enforced

Reported by hg5...@gmail.com, Apr 7 2018

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Example URL:
https://judicialconduct.judiciary.gov.uk

Steps to reproduce the problem:
1. visit site with SSL (notBefore > 2018-04-01, no CT)
ex)
https://talk.hscity.go.kr
https://judicialconduct.judiciary.gov.uk 

list : 
GPKI Root CA1
https://crt.sh/?icaid=123&identity=%25
https://crt.sh/?icaid=272&identity=%25

Amazon Root CA1
https://crt.sh/?icaid=9324&identity=%25

What is the expected behavior?
MUST RAISE "NO CT EXISTS" ERROR.

What went wrong?
for some reason, CT Checking is not enabled in Chrome.

Did this work before? No 

Chrome version: 65.0.3325.181  Channel: stable
OS Version: 10.0
Flash Version:
 
Labels: Needs-Triage-M65
SCT is being enforced as expected here on 65.0.3325.181 as well as 67.0.3390.0 canary. Is your connection being intercepted by antivirus, proxy, parental control, or similar software?

Comment 4 by hg5...@gmail.com, Apr 10 2018

i don't use any SSL interception program. SCT is not enforced in windows canary either.

if SCT is being enforced, chrome must raise error for " https://judicialconduct.judiciary.gov.uk/ " (Amazon Root CA1, without SCT)

Comment 5 by hg5...@gmail.com, Apr 10 2018

same problem on "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
Cc: susan.boorgula@chromium.org
Components: Internals>Network>Certificate
Labels: Triaged-ET TE-NeedsTriageHelp
Reporter@ Thanks for the issue.

This issue seems to be out of TE scope as this is related to Certificate Transparency. Hence adding TE-NeedsTriageHelp label. Request someone from 'Internals>Network>Certificate' team to look into the issue and help in further triaging.

Thanks!
Mergedinto: 823665
Status: Duplicate (was: Unconfirmed)

Sign in to add a comment