Bug 27777

Summary: Chromium cannot download file that Chrome can-- Certificate authority problem?
Product: Mageia Reporter: w unruh <unruh>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: nicolas.salguero, ouaurelien
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: chromium? CVE:
Status comment:

Description w unruh 2020-12-07 19:04:48 CET 
Description of problem: On chromium, I try to download the pdf file
https://pctsadmin.princeton.edu/upload/document/d5bc67548f32e8aabe5134ede4f8f15f.pdf
All I get is a black screen with an unhappy puzzle piece and no error message. If I try to download it with wget I have
wget https://pctsadmin.princeton.edu/upload/document/d5bc67548f32e8aabe5134ede4f8f15f.pdf
--2020-12-07 09:38:32--  https://pctsadmin.princeton.edu/upload/document/d5bc67548f32e8aabe5134ede4f8f15f.pdf
Resolving pctsadmin.princeton.edu (pctsadmin.princeton.edu)... 128.112.86.19
Connecting to pctsadmin.princeton.edu (pctsadmin.princeton.edu)|128.112.86.19|:443... connected.
ERROR: cannot verify pctsadmin.princeton.edu's certificate, issued by ‘CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US’:
  Unable to locally verify the issuer's authority.
To connect to pctsadmin.princeton.edu insecurely, use `--no-check-certificate'.

I am assuming that the reason chromium cannot download the pdf is because of a non-existant root certificate for the site. 
On the other hand google-chrome has no trouble downloading that site, which suggestes that google-chrome has root certificates that chromium does not. How to get them into chromium?

I tried moving .configure/google-chrome/Safe Browsing/ contents to chromium/Safe Browsing, but that did not help. Is there something else I should be trying? Or is this totally uninformative error on Chromium indicating something else? (Note that the pdf file DOES exist.
On Konqueror I get the error 

263.90kB/s    0:00:00 (xfr#13, to-chk=1/15)
UrlUws.store
The server failed the authenticity check (pctsadmin.princeton.edu).
The certificate authority's certificate is invalid
The certificate cannot be verified for internal reasons

On Firefox it works. 

Surely there must be a way of getting a better list of certificate authories from Chrome of Firefox and inserting it into Chromium.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Nicolas Salguero 2020-12-08 13:13:08 CET 
Hi,

What is your version of chromium? 86.0.4240.198-1.mga7?

In my tests, with chromium-browser-87.0.4280.88-1.mga7 from updates_testing, there is no problem displaying https://pctsadmin.princeton.edu/upload/document/d5bc67548f32e8aabe5134ede4f8f15f.pdf

Best regards,

Nico.

CC: (none) => nicolas.salguero

Aurelien Oudelet 2020-12-08 16:32:43 CET

CC: (none) => ouaurelien

Comment 2 w unruh 2020-12-08 17:18:12 CET 
Yes, my version is 86.0. I will try 87.0
Which rootcerts version are you using?
Comment 3 Nicolas Salguero 2020-12-08 17:26:04 CET 
rootcerts-20201201.00-1.mga7
Comment 4 Aurelien Oudelet 2020-12-09 20:16:49 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0455.html


Please test and report here.
Comment 5 w unruh 2020-12-09 23:24:23 CET 
The new (87.) version seems to solve the problem (it opens the problematic pdf files.) Of course I am not sure if it is the new rootcerts (which I installed before, but did not fix the problem) or the new chromium, but whichever, it now works
Comment 6 Aurelien Oudelet 2020-12-11 11:55:53 CET 
(In reply to w unruh from comment #5)
> The new (87.) version seems to solve the problem (it opens the problematic
> pdf files.) Of course I am not sure if it is the new rootcerts (which I
> installed before, but did not fix the problem) or the new chromium, but
> whichever, it now works

Resolution: (none) => FIXED
Status: NEW => RESOLVED