Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

gerrit.wireshark.org certificate trouble?

From: Harald Welte <laforge () gnumonks org>
Date: Sat, 7 Apr 2018 22:18:00 +0200
Hi all,

when accessing https://gerrit.wireshark.org/ with Chromium 65.0.3325.146, I
get the following error message:


Your connection is not private
Attackers might be trying to steal your information from gerrit.wireshark.org (for example, passwords, messages, or 
credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID

gerrit.wireshark.org normally uses encryption to protect your information. When Chromium tried to connect to 
gerrit.wireshark.org this time, the website sent back unusual and incorrect credentials. This may happen when an 
attacker is trying to pretend to be gerrit.wireshark.org, or a Wi-Fi sign-in screen has interrupted the connection. 
Your information is still secure because Chromium stopped the connection before any data was exchanged.

You cannot visit gerrit.wireshark.org right now because the website uses HSTS. Network errors and attacks are usually 
temporary, so this page will probably work later.


The Certificate I'm receiving is issued to CN=staging.wireshark.org and it has no
SubjectAltNames besides staging.wireshark.org.  It's SHA256 fingerprint is

F0 63 E6 64 FD A6 67 41 40 8C 02 2F FD 43 91 E2
C8 44 87 3D AC 87 8A E4 13 32 EA 8C EB 0D 69 DD

Unless there's something odd (MITM) happening on the internet between wireshark.org
and myself, or Chromium is somehow b0rked, I would expect the gerrit web interface
to be unusable for everyone at the moment.

Can somebody confirm and/or report to the respective sysadmin?

Thanks!

Regards,
        Harald

-- 
- Harald Welte <laforge () gnumonks org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: