Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#1113 closed defect (fixed)

"No issuer chain was provided" for i2p2.de and geti2p.net

Reported by: killyourtv Owned by: welterde
Priority: major Milestone: 0.9.10
Component: www/i2p Version:
Keywords: ssl certificates untrusted Cc:
Parent Tickets:

Description

Moved from ticket 794.

Using gnutls-cli:

$ gnutls-cli i2p2.de < /dev/null
Processed 164 CA certificate(s).
Resolving 'i2p2.de'...
Connecting to '2a01:4f8:121:4fff:0:1:248:202:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `OU=Domain Control Validated,OU=COMODO SSL Wildcard,CN=*.i2p2.de', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO SSL CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-16 00:00:00 UTC', expires `2018-04-15 23:59:59 UTC', SHA-1 fingerprint `49da37afe2949b1672eb2dedfc8ca929ce48ecff'
        Public Key Id:
                5f6759276f1c6d7b0c7fa0f8fcf5151f142bfd83
        Public key's random art:
                +--[ RSA 2048]----+
                |               . |
                |              . +|
                |             .+==|
                |           . .+%=|
                |        S . oE+=X|
                |         . + o .B|
                |          . o   +|
                |             . .o|
                |              . .|
                +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

Compare that with the results from the cert for trac.i2p2.de which I installed:

$ gnutls-cli trac.i2p2.de < /dev/null
Processed 164 CA certificate(s).
Resolving 'trac.i2p2.de'...
Connecting to '193.150.121.69:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `OU=Domain Control Validated,OU=COMODO SSL Wildcard,CN=*.i2p2.de', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO SSL CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-16 00:00:00 UTC', expires `2018-04-15 23:59:59 UTC', SHA-1 fingerprint `49da37afe2949b1672eb2dedfc8ca929ce48ecff'
        Public Key Id:
                5f6759276f1c6d7b0c7fa0f8fcf5151f142bfd83
        Public key's random art:
                +--[ RSA 2048]----+
                |               . |
                |              . +|
                |             .+==|
                |           . .+%=|
                |        S . oE+=X|
                |         . + o .B|
                |          . o   +|
                |             . .o|
                |              . .|
                +-----------------+

- Certificate[1] info:
 - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO SSL CA', issuer `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', RSA key 2048 bits, signed using RSA-SHA1, activated `2011-08-23 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `b4c66180c520bad688470ef80bb22beba8391c22'
- Status: The certificate is trusted. 
- Description: (TLS1.2-PKIX)-(RSA)-(AES-128-GCM)-(AEAD)
- Session ID: 3F:7B:1D:E9:8E:FD:63:E2:10:FE:DA:9A:EF:5A:DE:E8:46:03:93:FC:76:02:E3:74:90:DB:FD:45:9A:93:52:D8
- Version: TLS1.2
- Key Exchange: RSA
- Cipher: AES-128-GCM
- MAC: AEAD
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

In Firefox one can see the following:


Subtickets

Change History (3)

comment:1 Changed 6 years ago by killyourtv

Note: www.i2p2.de doesn't work either.

$ gnutls-cli www.i2p2.de
Processed 164 CA certificate(s).
Resolving 'www.i2p2.de'...
Connecting to '2a01:4f8:121:4fff:0:1:248:202:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `OU=Domain Control Validated,OU=COMODO SSL Wildcard,CN=*.i2p2.de', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO SSL CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-16 00:00:00 UTC', expires `2018-04-15 23:59:59 UTC', SHA-1 fingerprint `49da37afe2949b1672eb2dedfc8ca929ce48ecff'
        Public Key Id:
                5f6759276f1c6d7b0c7fa0f8fcf5151f142bfd83
        Public key's random art:
                +--[ RSA 2048]----+
                |               . |
                |              . +|
                |             .+==|
                |           . .+%=|
                |        S . oE+=X|
                |         . + o .B|
                |          . o   +|
                |             . .o|
                |              . .|
                +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

comment:2 Changed 5 years ago by killyourtv

  • Resolution set to fixed
  • Status changed from new to closed

Resolved when echelon took over geti2p.net's hosting and by the revamp site's going live (ticket #807)

Last edited 5 years ago by killyourtv (previous) (diff)

comment:3 Changed 5 years ago by str4d

  • Milestone set to 0.9.10
Note: See TracTickets for help on using tickets.