Web lists-archives.com

Help, I broke sso.debian.org for chrome




Hello,

I refactored the certificate generation code for sso.debian.org, and the
certificates it generates now still work in Firefox but not in Chrome.

Steps to reproduce:

1. Back up and delete all Debian certificates in Chrome
2. Go to one of these links to generate a new one:
   https://sso.debian.org/debian/certs/enroll_csr/
   https://sso.debian.org/alioth/certs/enroll_csr/
3. Go to chrome://settings/certificates and import it
   (remember to combine key and certificate in a .p12 file, the
   enroll_csr has a command line example
4. Visit https://sso.debian.org/ca/test/env: chrome doesn't even ask for
   which certificate to use

Can you help me find out what is in the certificates it generates now
that chrome doesn't like?

This is the code that generates the certificate:
https://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/ca/ca.py#n402

This is the code before the refactoring:
https://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/ca/ca.py?id=926d5ca1c448fdd4f02ae7247ef5f695d8e2f22e#n331


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: PGP signature