Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate Chain not displayed correctly in some cases #8698

Closed
cyberduck opened this issue Mar 25, 2015 · 7 comments
Closed

Certificate Chain not displayed correctly in some cases #8698

cyberduck opened this issue Mar 25, 2015 · 7 comments
Assignees
Milestone

Comments

@cyberduck
Copy link
Collaborator

89cb3c0 created the issue

In some circumstances, Cyberduck fails to display the complete certificate chain. I recently installed a certificate, and noticed that while Cyberduck accepts the certificate as valid and displays no errors when connecting to it, the pane revealed by clicking the lock icon only shows part of the chain. This happens for both DAV HTTPS connections as well as FTPS connections.

In most cases, it shows all but the last (most specific) certificate (see cert_issue1.png). In at least one case that I cannot seem to reproduce now, it showed only the root certificate (see cert_issue2.png). I confirmed that there is nothing hidden outside of the visible area.

With debug mode (Cyberduck Version 4.6.5 (17000) on OS X 10.10.2), I found the following entry:
Error adding certificate to Keychain

I have confirmed with the vendor that the certificate is valid and correctly installed, and it works properly in every other FTP app and browser I've tried. I tested the certificate chain manually with openssl s_client.

I have also confirmed that the problem exists on Windows 8.1 with Cyberduck 4.6.5.


Attachments

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [8698 actionverb]:

I have also confirmed that the problem exists on Windows 8.1 with Cyberduck 4.6.5.

Can you confirm that you have seen the same issues with this certificate chain on Cyberduck for Windows.

@cyberduck
Copy link
Collaborator Author

89cb3c0 commented

Confirmed, we only saw the root certificate when testing on Windows 8.1 with Cyberduck 4.6.5. I am happy to assist if there is any other information or testing needed.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

I am trying to reproduce this issue on OS X and get a complete chain displayed as returned by the server.

Screen Shot 2015-03-28 at 22.02.39.png

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Can you try with a guest user account (that has no certificates added in the Keychain (on Mac) or Certificate Store (on Windows) that might interfere when building the trust chain. Please reopen with exact steps to reproduce if possible.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

New duplicate issue in #8885.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [8698 actionverb]:

With debug mode (Cyberduck Version 4.6.5 (17000) on OS X 10.10.2), I found the following entry:
Error adding certificate to Keychain

Fixed in 58d0227.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 3b98898.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants