Bug 223486 - www/e2guardian: Fix certificate verification with SSL_MITM option enabled
Summary: www/e2guardian: Fix certificate verification with SSL_MITM option enabled
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2017-11-07 05:15 UTC by Bekzod Alimov
Modified: 2019-02-20 13:31 UTC (History)
4 users (show)

See Also:
marcellocoutinho: maintainer-feedback-
koobs: merge-quarterly?

Attachments
Chrome error screenshot (25.39 KB, image/png)
2017-11-07 05:15 UTC, Bekzod Alimov 		no flags Details
Patch for file patch-src_CertificateAuthority.hpp (406 bytes, patch)
2017-11-07 06:27 UTC, Bekzod Alimov 		marcellocoutinho: maintainer-approval-
Details | Diff
Patch for file patch-src_CertificateAuthority.cpp (1.31 KB, patch)
2017-11-07 06:28 UTC, Bekzod Alimov 		marcellocoutinho: maintainer-approval-
Details | Diff
legacy e2guardian3 with cert patch applied (24.24 KB, text/plain)
2018-04-16 17:47 UTC, marcellocoutinho 		marcellocoutinho: maintainer-approval-
marcellocoutinho: maintainer-approval-
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bekzod Alimov 2017-11-07 05:15:29 UTC 
Created attachment 187816 [details]
Chrome error screenshot

With enabled ssl_mitm option, latest version of Chrome browser rejects generated certificate with errors:
1. Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
2. Certificate error
There are issues with this site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
3. Obsolete connection settings
The connection to this site uses TLS 1.2 (a strong protocol), RSA (an obsolete key exchange), and AES_128_GCM (a strong cipher).

https://github.com/e2guardian/e2guardian/issues/216
Comment 1 Bekzod Alimov 2017-11-07 06:27:28 UTC 
Created attachment 187818 [details]
Patch for file patch-src_CertificateAuthority.hpp
Comment 2 Bekzod Alimov 2017-11-07 06:28:15 UTC 
Created attachment 187819 [details]
Patch for file patch-src_CertificateAuthority.cpp
Comment 3 Alexander 2018-04-16 10:24:20 UTC 
I believe it is better to solve issue by updating www/e2guardian port to ver 4.1.4
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227547
Comment 4 marcellocoutinho 2018-04-16 17:47:52 UTC 
Created attachment 192565 [details]
legacy e2guardian3 with cert patch applied

Legacy e2guardian v3 with cert patch applied.
Comment 5 marcellocoutinho 2019-02-20 13:23:09 UTC 
Comment on attachment 187818 [details]
Patch for file patch-src_CertificateAuthority.hpp

this fix is related to old 3.5 version.
Comment 6 marcellocoutinho 2019-02-20 13:23:25 UTC 
Comment on attachment 187819 [details]
Patch for file patch-src_CertificateAuthority.cpp

this fix is related to old 3.5 version.
Comment 7 marcellocoutinho 2019-02-20 13:23:48 UTC 
Comment on attachment 192565 [details]
legacy e2guardian3 with cert patch applied

this fix is related to old 3.5 version.
Comment 8 marcellocoutinho 2019-02-20 13:24:48 UTC 
this fix is related to old 3.5 version. 


This bug can be closed. Port version now users current stable code(version 5.3)
Comment 9 Walter Schwarzenfeld 2019-02-20 13:31:53 UTC 
See comment8 - overcome by events.