Public bug reported: Hi,
It seems squid 3.3.8 packaged in Trusty has a bug that serves the certificate twice. This is shown below: OpenSSL: | [hloeung@dharkan tmp]$ echo "" | openssl s_client -connect assets.ubuntu.com:443 -CApath /etc/ssl -servername assets.ubuntu.com | CONNECTED(00000003) | depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA | verify return:1 | depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA | verify return:1 | depth=0 C = GB, L = London, O = Canonical Group Ltd, OU = IS, CN = assets.ubuntu.com | verify return:1 | --- | Certificate chain | 0 s:/C=GB/L=London/O=Canonical Group Ltd/OU=IS/CN=assets.ubuntu.com | i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA | 1 s:/C=GB/L=London/O=Canonical Group Ltd/OU=IS/CN=assets.ubuntu.com | i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA | 2 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA | i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA | --- GnuTLS: | [hloeung@dharkan tmp]$ gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt assets.ubuntu.com | ... | - Certificate[0] info: | - subject `CN=assets.ubuntu.com,OU=IS,O=Canonical Group Ltd,L=London,C=GB', issuer `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', serial 0x027cadfb20a3e4c9b6371b023b0e8e35, ... | - Certificate[1] info: | - subject `CN=assets.ubuntu.com,OU=IS,O=Canonical Group Ltd,L=London,C=GB', issuer `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', serial 0x027cadfb20a3e4c9b6371b023b0e8e35, ... This is fixed in upstream squid 3.3.9 per changelog[1] below: Changes to squid-3.3.9 (11 Sep 2013): - Bug 3849: Duplicate certificate sent when using https_port Any chance we could get this fix backported? Thanks, Haw [1]http://www.squid-cache.org/Versions/v3/3.3/ChangeLog.txt ** Affects: squid3 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744184 Title: squid 3.3.8 serves duplicate certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1744184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs