Closed Bug 1248039 Opened 9 years ago Closed 9 years ago

some www.skype.com IPs don't include the appropriate intermediate certificate (and others include the anchor)

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Platform:
x86_64
Windows 10
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: hsivonen, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Invalid cert saved from Windows 10
2.78 KB, application/octet-stream
Details
Steps to reproduce: 1) Navigate to https://www.skype.com in Firefox 44 on Windows 10. Actual results: sec_error_unknown_issuer and the certificate viewer shows only the leaf in the chain. Expected results: Successful connection. Additional info: Edge and Chrome connect OK. Nightly on Ubuntu 15.10 x86_64 connects OK and shows the certificate chain. Exporting the leaf from Firefox 44 on Windows 10 and Nightly on Ubuntu 15.10 result in identical files. https://www.ssllabs.com/ssltest/analyze.html?d=skype.com&s=65.55.157.237 says that the server sends the leaf, an intermediate and even the root cert, so it's not a matter of a missing intermediate being cached or not. (I checked that the SHA-1 fingerprint matches on ssllabs and in Firefox.)
Version: 45 Branch → 44 Branch
Oh, and I saw this on two distinct Windows 10 boxes.
Have you installed firefox after you have installed any antivirus that does so called "internet security" ?
(In reply to Henri Sivonen (:hsivonen) from comment #0) > https://www.ssllabs.com/ssltest/analyze.html?d=skype.com&s=65.55.157.237 > says that the server sends the leaf, an intermediate and even the root cert, These three don't, though: https://www.ssllabs.com/ssltest/analyze.html?d=skype.com&s=157.56.198.10 https://www.ssllabs.com/ssltest/analyze.html?d=skype.com&s=157.56.114.105 https://www.ssllabs.com/ssltest/analyze.html?d=skype.com&s=111.221.123.232
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Summary: sec_error_unknown_issuer for www.skype.com → some www.skype.com IPs don't include the appropriate intermediate certificate (and others include the anchor)
Version: 44 Branch → unspecified
(In reply to Honza Bambas (:mayhemer) from comment #2) > Have you installed firefox after you have installed any antivirus that does > so called "internet security" ? No, the only anti-virus that's ever been on either of these Windows 10 installations is the built-in one.
According to https://www.ssllabs.com/ssltest/analyze.html?d=skype.com it seems that everything has been fixed. Thanks Henri
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: