Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No filtering on formula1.com – can't validate certificate #1363

Closed
SebastianRasch opened this issue Dec 20, 2023 · 3 comments
Closed

No filtering on formula1.com – can't validate certificate #1363

SebastianRasch opened this issue Dec 20, 2023 · 3 comments
Assignees
@AlexandrPkhm
Labels
Bug Priority: P4 Resolution: Fixed Status: Closed Waiting for data

Comments

@SebastianRasch
Copy link

SebastianRasch commented Dec 20, 2023
edited
Loading

AdGuard version

2.12

Browser version

Safari 17.2

OS version

macOS 14.2

What filters do you have enabled?

AdGuard Base filter

What Stealth Mode options do you have enabled?

No response

Support ticket ID

No response

Issue Details

Steps to reproduce:

  1. Go to https://formula1.com
  2. In the browser assistant popup, check the lock icon next to the URL
  3. "HTTPS filter was not performed" or "Could not verify this website's certificate"

Expected Behavior

The certificate seems fine and is not expired when I check it myself so I would expect that AdGuard performs filtering

Actual Behavior

AdGuard thinks for some reason that the certificate is expired and doesn't filter this website

Screenshots

Screenshot 1:

Screenshot 2023-12-20 at 12 25 23

Screenshot 2:

Screenshot 2023-12-20 at 12 44 05

Additional Information

Also tested on Microsoft Edge 120.0, same problem
@adguard-bot adguard-bot assigned AlexandrPkhm and unassigned Aydinv13 Dec 20, 2023
@Bo98
Copy link

Bo98 commented Dec 21, 2023
edited
Loading

Seeing this happen to a ton of websites. A SCT ct log not found is logged whenever it happens:

2023-12-21 04:50:50.242204+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT list size (x509) = 3
2023-12-21 04:50:50.242218+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT ct log not found
2023-12-21 04:50:50.242226+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT log id = PxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4=
2023-12-21 04:50:50.242233+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:50:50.242247+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT signature size = 72
2023-12-21 04:50:50.242364+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT log id = fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebg=
2023-12-21 04:50:50.242370+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:50:50.242381+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT signature size = 71
2023-12-21 04:50:50.242509+0000 [com.adguard.mac.adguard.network-extension:176365] D: (CL: ) SSLDataProvider-CertVerify: [id=1002331] Verification error: CT_SCT_POLICY_CHECK_FAILED: Not enough valid SCTs
2023-12-21 04:50:50.242523+0000 [com.adguard.mac.adguard.network-extension:176365] D: (CL: ) PF: id=1002331 SSLFilter::onVerifyComplete Certificate www.formula1.com is not trusted (err=2, ctx=0x6000022ba340)

2023-12-21 04:54:25.682773+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT list size (x509) = 2
2023-12-21 04:54:25.682790+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT log id = SLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHM=
2023-12-21 04:54:25.682799+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:54:25.682818+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT signature size = 71
2023-12-21 04:54:25.682993+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT ct log not found
2023-12-21 04:54:25.683055+0000 [com.adguard.mac.adguard.network-extension:176358] D: (CL: ) SSLDataProvider-CertVerify: [id=1002383] Verification error: CT_SCT_POLICY_CHECK_FAILED: SCTs from at least 2 distinct log operators are required

Likely due to AdguardTeam/CoreLibs#1833.

@AlexandrPkhm
Copy link
Contributor

Hi @SebastianRasch

Please try to update to the latest version of AdGuard for Mac which is v2.13. This issue should be fixed in this version. Please let us know if you still experience this issue with v2.13 installed.

@SebastianRasch
Copy link
Author

Thanks @AlexandrPkhm, now it's working perfectly on 2.13!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexandrPkhm AlexandrPkhm

Labels
Bug Priority: P4 Resolution: Fixed Status: Closed Waiting for data
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Bo98 @SebastianRasch @adguard-bot @Aydinv13 @AlexandrPkhm