Wireshark-dev: [Wireshark-dev] gerrit.wireshark.org certificate trouble?
From: Harald Welte <laforge@xxxxxxxxxxxx>
Date: Sat, 7 Apr 2018 22:18:00 +0200

Hi all,

When accessing https://gerrit.wireshark.org/ with Chromium 65.0.3325.146, I
get the following error message:

> Your connection is not private
> Attackers might be trying to steal your information from gerrit.wireshark.org (for example, passwords, messages, or credit cards). Learn more
>
> NET::ERR_CERT_COMMON_NAME_INVALID
>
> gerrit.wireshark.org normally uses encryption to protect your information. When Chromium tried to connect to gerrit.wireshark.org this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be gerrit.wireshark.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.
>
> You cannot visit gerrit.wireshark.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

The certificate I'm receiving is issued to CN=staging.wireshark.org and it has no
SubjectAltNames besides staging.wireshark.org.  Its SHA256 fingerprint is:

F0 63 E6 64 FD A6 67 41 40 8C 02 2F FD 43 91 E2
C8 44 87 3D AC 87 8A E4 13 32 EA 8C EB 0D 69 DD

Unless there's something odd (MITM) happening on the internet between wireshark.org
and myself, or Chromium is somehow b0rked, I would expect the gerrit web interface
to be unusable for everyone at the moment.

Can somebody confirm and/or report to the respective sysadmin?

Thanks!

Regards,
	Harald

-- 
- Harald Welte <laforge@xxxxxxxxxxxx>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)
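
Added example, not part of the original message or of Wireshark's infrastructure: a Python sketch of the two checks the report relies on, matching the requested host against the certificate's dNSName entries and comparing SHA-256 fingerprints written in different notations so that two observers can tell whether they were served the same certificate. The function names are hypothetical, and `SERVED_CERT` is a constructed dict (shaped like the output of `ssl.SSLSocket.getpeercert()`) built from the names quoted in the message.

```python
import hashlib

# Constructed from the message: the certificate served for gerrit.wireshark.org,
# as a dict shaped like the return value of ssl.SSLSocket.getpeercert().
SERVED_CERT = {
    "subject": ((("commonName", "staging.wireshark.org"),),),
    "subjectAltName": (("DNS", "staging.wireshark.org"),),
}
# SHA-256 fingerprint exactly as reported in the message.
REPORTED_FP = """F0 63 E6 64 FD A6 67 41 40 8C 02 2F FD 43 91 E2
C8 44 87 3D AC 87 8A E4 13 32 EA 8C EB 0D 69 DD"""

def dns_name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # refuse patterns like *.org
    return p == h

def check_host(cert, host):
    """Return (ok, dNSName entries examined); the subject CN is not consulted."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(dns_name_matches(n, host) for n in names), names

def normalize_fingerprint(text):
    """Reduce 'F0 63 ..' or 'F0:63:..' to 64 upper-case hex digits."""
    digits = "".join(text.replace(":", " ").split()).upper()
    if len(digits) != 64 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a SHA-256 fingerprint")
    return digits

def matches_reported(der_bytes, reported):
    """True if the DER certificate hashes to the fingerprint someone reported."""
    return hashlib.sha256(der_bytes).hexdigest().upper() == normalize_fingerprint(reported)

if __name__ == "__main__":
    for host in ("gerrit.wireshark.org", "staging.wireshark.org"):
        ok, names = check_host(SERVED_CERT, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} against {names}")
    print("reported fingerprint:", normalize_fingerprint(REPORTED_FP))
```

To compare against a live server, pass `matches_reported` the DER bytes from `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`, which fetches the certificate without validating it.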