Bug 223486

Summary: www/e2guardian: Fix certificate verification with SSL_MITM option enabled
Product: Ports & Packages Reporter: Bekzod Alimov <bekmail>
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed Overcome By Events    
Severity: Affects Some People CC: bekmail, marcellocoutinho, sa.inbox, w.schwarzenfeld
Priority: --- Keywords: needs-qa
Version: LatestFlags: marcellocoutinho: maintainer-feedback-
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Chrome error screenshot
none
Patch for file patch-src_CertificateAuthority.hpp
marcellocoutinho: maintainer-approval-
Patch for file patch-src_CertificateAuthority.cpp
marcellocoutinho: maintainer-approval-
legacy e2guardian3 with cert patch applied marcellocoutinho: maintainer-approval-, marcellocoutinho: maintainer-approval-

Description Bekzod Alimov 2017-11-07 05:15:29 UTC 
Created attachment 187816 [details]
Chrome error screenshot

With enabled ssl_mitm option, latest version of Chrome browser rejects generated certificate with errors:
1. Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
2. Certificate error
There are issues with this site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
3. Obsolete connection settings
The connection to this site uses TLS 1.2 (a strong protocol), RSA (an obsolete key exchange), and AES_128_GCM (a strong cipher).

https://github.com/e2guardian/e2guardian/issues/216
Comment 1 Bekzod Alimov 2017-11-07 06:27:28 UTC 
Created attachment 187818 [details]
Patch for file patch-src_CertificateAuthority.hpp
Comment 2 Bekzod Alimov 2017-11-07 06:28:15 UTC 
Created attachment 187819 [details]
Patch for file patch-src_CertificateAuthority.cpp
Comment 3 Alexander 2018-04-16 10:24:20 UTC 
I believe it is better to solve issue by updating www/e2guardian port to ver 4.1.4
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227547
Comment 4 marcellocoutinho 2018-04-16 17:47:52 UTC 
Created attachment 192565 [details]
legacy e2guardian3 with cert patch applied

Legacy e2guardian v3 with cert patch applied.
Comment 5 marcellocoutinho 2019-02-20 13:23:09 UTC 
Comment on attachment 187818 [details]
Patch for file patch-src_CertificateAuthority.hpp

this fix is related to old 3.5 version.
Comment 6 marcellocoutinho 2019-02-20 13:23:25 UTC 
Comment on attachment 187819 [details]
Patch for file patch-src_CertificateAuthority.cpp

this fix is related to old 3.5 version.
Comment 7 marcellocoutinho 2019-02-20 13:23:48 UTC 
Comment on attachment 192565 [details]
legacy e2guardian3 with cert patch applied

this fix is related to old 3.5 version.
Comment 8 marcellocoutinho 2019-02-20 13:24:48 UTC 
this fix is related to old 3.5 version. 


This bug can be closed. Port version now users current stable code(version 5.3)
Comment 9 Walter Schwarzenfeld 2019-02-20 13:31:53 UTC 
See comment8 - overcome by events.