Re: Help, I broke sso.debian.org for chrome - Found reason

On Wed, Sep 06, 2017 at 01:36:55PM +0200, Enrico Zini wrote: > I found the reason: python-cryptography writes the certificate issuer > as UTF8 String while the CA certificate has it as Printable String. > Because of that, the subject names don't match bit-by-bit. Fixed:

Re: Help, I broke sso.debian.org for chrome - Found reason

Enrico Zini writes: > On Tue, Sep 05, 2017 at 11:37:01AM +0200, Enrico Zini wrote: > >> I refactored the certificate generation code for sso.debian.org, and the >> certificates it generates now still work in Firefox but not in Chrome. > > I found the reason:

Re: Help, I broke sso.debian.org for chrome - Found reason

On Wed, Sep 06, 2017 at 01:36:55PM +0200, Enrico Zini wrote: > On Tue, Sep 05, 2017 at 11:37:01AM +0200, Enrico Zini wrote: > > > I refactored the certificate generation code for sso.debian.org, and the > > certificates it generates now still work in Firefox but not in Chrome. > > I found the

Re: Help, I broke sso.debian.org for chrome - Found reason

On Tue, Sep 05, 2017 at 11:37:01AM +0200, Enrico Zini wrote: > I refactored the certificate generation code for sso.debian.org, and the > certificates it generates now still work in Firefox but not in Chrome. I found the reason: python-cryptography writes the certificate issuer as UTF8 String