[Cyberduck-trac] [Cyberduck] #8698: Certificate Chain not displayed correctly in some cases

Cyberduck trac at trac.cyberduck.io
Wed Mar 25 17:39:22 UTC 2015 

#8698: Certificate Chain not displayed correctly in some cases
------------------------+------------------------
 Reporter:  actionverb  |         Owner:  dkocher
     Type:  defect      |        Status:  new
 Priority:  normal      |     Milestone:
Component:  interface   |       Version:  4.6.5
 Severity:  normal      |    Resolution:
 Keywords:              |  Architecture:
 Platform:              |
------------------------+------------------------
Description changed by actionverb:

Old description:

> In some circumstances, Cyberduck fails to display the complete
> certificate chain.  I recently installed a certificate, and noticed that
> while Cyberduck accepts the certificate as valid and displays no errors
> when connecting to it, the pane revealed by clicking the lock icon only
> shows part of the chain.  This happens for both DAV HTTPS connections as
> well as FTPS connections.
>
> In most cases, it shows all but the last (most specific) certificate (see
> cert_issue1.png).  In at least one case that I cannot seem to reproduce
> now, it showed only the root certificate (see cert_issue2.png).  I
> confirmed that there is nothing hidden outside of the visible area.
>
> With debug mode (Cyberduck Version 4.6.5 (17000) on OS X 10.10.2), I
> found the following entry:
>   Error adding certificate to Keychain
>
> I have confirmed with the vendor that the certificate is valid and
> correctly installed, and it works properly in every other FTP app and
> browser I've tried.  I tested the certificate chain manually with openssl
> s_client.
>
> I have also confirmed that the problem exists on Windows 8.1 with
> Cyberdick 4.6.5.

New description:

 In some circumstances, Cyberduck fails to display the complete certificate
 chain.  I recently installed a certificate, and noticed that while
 Cyberduck accepts the certificate as valid and displays no errors when
 connecting to it, the pane revealed by clicking the lock icon only shows
 part of the chain.  This happens for both DAV HTTPS connections as well as
 FTPS connections.

 In most cases, it shows all but the last (most specific) certificate (see
 cert_issue1.png).  In at least one case that I cannot seem to reproduce
 now, it showed only the root certificate (see cert_issue2.png).  I
 confirmed that there is nothing hidden outside of the visible area.

 With debug mode (Cyberduck Version 4.6.5 (17000) on OS X 10.10.2), I found
 the following entry:
   Error adding certificate to Keychain

 I have confirmed with the vendor that the certificate is valid and
 correctly installed, and it works properly in every other FTP app and
 browser I've tried.  I tested the certificate chain manually with openssl
 s_client.

 I have also confirmed that the problem exists on Windows 8.1 with
 Cyberduck 4.6.5.

--

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/8698#comment:2>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list