View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0001348Main CAcert Websitemiscpublic2014-12-14 12:132015-01-25 17:13
ReporterMathias Assigned Tojandd  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2014 Q4 
Target Version2014 Q4 
Summary0001348: svn.cacert.org SSL/TLS configuration rated grade B on SSL Labs
DescriptionHi!

There is an SSL/TLS configuration issue on svn.cacert.org:

The server certificate is issued by CAcert Class 3 Root which is also delivered while establishing a connection. But the CAcert Class 3 Root does not have the CA extension enabled:

--------------------snip--------------------
  X509v3 extensions:
    X509v3 Basic Constraints: critical
      CA:FALSE
--------------------snip--------------------

Therefore a *complete* chain of trust can neither be created nor verified.

Finally this leads to a grade B rating on the SSL Labs test. (This is independent of the fact that the SSL Labs test is based on the Mozilla certificate store, which the CAcert root certificate is not part of. A well known problem, which does, however, cause no harm here.)

A solution is to also deliver the CAcert root certificate.

Thanks for looking into this issue.

Mathias
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

child of 0001241 solved?jandd cacert.org SSL/TLS configuration is bad on many levels 

Activities

Mathias

2014-12-14 12:13

reporter  

SSL_Labs-svn.cacert.org-grade_B-20141214.pdf (169,620 bytes)

jandd

2014-12-27 12:06

administrator   ~0005210

fixed, getting a grade A on ssllabs now

Mathias

2015-01-25 17:13

reporter   ~0005265

Closed, thanks.

Issue History

Date Modified Username Field Change
2014-12-14 12:13 Mathias New Issue
2014-12-14 12:13 Mathias File Added: SSL_Labs-svn.cacert.org-grade_B-20141214.pdf
2014-12-14 12:13 Mathias Relationship added child of 0001241
2014-12-23 20:21 BenBE Assigned To => jandd
2014-12-23 20:21 BenBE Status new => needs work
2014-12-23 20:21 BenBE Product Version => 2014 Q4
2014-12-23 20:21 BenBE Target Version => 2014 Q4
2014-12-27 12:06 jandd Note Added: 0005210
2014-12-27 12:06 jandd Status needs work => solved?
2014-12-27 12:06 jandd Resolution open => fixed
2015-01-25 17:13 Mathias Note Added: 0005265
2015-01-25 17:13 Mathias Status solved? => closed