Summary: | [GTK] TLS errors on Vimeo couch mode | ||
---|---|---|---|
Product: | WebKit | Reporter: | Philippe Normand <pnormand> |
Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED WORKSFORME | ||
Severity: | Normal | CC: | cgarcia, mcatanzaro, mrobinson, svillar |
Priority: | P2 | ||
Version: | 528+ (Nightly build) | ||
Hardware: | Unspecified | ||
OS: | Unspecified |
Description
Philippe Normand
2014-11-25 03:54:52 PST
gnutls-cli player.vimeo.com Processed 172 CA certificate(s). Resolving 'player.vimeo.com'... Connecting to '74.113.233.133:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `C=US,ST=New York,L=New York,O=Vimeo\, LLC,CN=*.vimeo.com', issuer `C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-02-05 00:00:00 UTC', expires `2017-02-08 12:00:00 UTC', SHA-1 fingerprint `2541f2dc97af57f19c1903ed823ca72e82d027b9' Public Key ID: f2f428bc859a874f7b0b724aa31f8b7ee8a96fa3 Public key's random art: +--[ RSA 2048]----+ | | | | | | | | | . S | | . = o | | .=.B + . | | +=o@.*. | |EBB+*o+... | +-----------------+ - Certificate[1] info: - subject `C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA', issuer `C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', SHA-1 fingerprint `1fb86b1168ec743154062e8c9cc5b171a4b7ccb4' - Status: The certificate is trusted. - Description: (TLS1.2)-(RSA)-(ARCFOUR-128)-(SHA1) - Session ID: 64:B2:45:CB:89:DE:EE:88:30:32:5B:39:34:DD:0F:E1:24:4B:18:77:E3:4A:8C:05:B9:2F:30:DC:DB:30:39:00 - Version: TLS1.2 - Key Exchange: RSA - Cipher: ARCFOUR-128 - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode: ^C This turned out to be a Debian packaging bug [1] we've seen before. Philippe's GTE CyberTrust Global Root certificate was improperly disabled. As for why the gnutls-cli connection worked and why the chain only involves DigiCert: the video is not coming from player.vimeo.com, it's actually coming from pdlvimoecdn-a.akamaihd.net. (I'm a little surprised that wasn't reflected in the URL printed on the command line; I discovered this with the web inspector.) Anyway, I'd close this bug, but I haven't been granted bug edit powers yet. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743339 (In reply to comment #2) > Anyway, I'd close this bug, but I haven't been granted bug edit powers yet. > Thou shall now have those powers, use them with seldom :) |