Quic Warn

#1
Getting bunch of errors related to certificate verification when Quic turned on.

Wondering what should I do to fix it.

Certificates seem to be installed correctly ... browsers do not complain.

Please check this debug output:

2020-01-04 16:35:46.640233 [DEBUG] [QUIC:D27C1A064E70DCD3] mini-conn: packet in: 4
2020-01-04 16:35:46.640235 [DEBUG] [QUIC:D27C1A064E70DCD3] event: packet in: 4, type: Initial, size: 152; ecn: 0, spin: 0; path: 0
2020-01-04 16:35:46.640239 [DEBUG] [QUIC:D27C1A064E70DCD3] event: decrypted packet 4
2020-01-04 16:35:46.640241 [DEBUG] [QUIC:D27C1A064E70DCD3] mini-conn: recorded largest received timestamp as 169293 usec since creation
2020-01-04 16:35:46.640244 [DEBUG] [QUIC:D27C1A064E70DCD3] event: ACK frame in: [5-1]
2020-01-04 16:35:46.640246 [DEBUG] [QUIC:D27C1A064E70DCD3] mini-conn: Got ACK for packet 5
2020-01-04 16:35:46.640248 [DEBUG] [QUIC:D27C1A064E70DCD3] mini-conn: srtt: 136047 usec, var: 38675
2020-01-04 16:35:46.640251 [DEBUG] [QUIC:D27C1A064E70DCD3] event: CONNECTION_CLOSE frame in: error code 42, reason: Proof invalid: Failed to verify certificate chain:
net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
2020-01-04 16:35:46.640253 [WARN] [QUIC:D27C1A064E70DCD3] mini-conn: Received CONNECTION_CLOSE frame (code: 42; reason: Proof invalid: Failed to verify certificate chain:
net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)
2020-01-04 16:35:46.640256 [DEBUG] [QUIC:D27C1A064E70DCD3] qlog: [6442341153552,"TRANSPORT","PACKET_RX","LINE",{"raw":"c35130343650d27c1a064e70dcd3000000041056777d8653c52e9cbc69a840
...","header":{"type":"Initial","payload_length":"136","packet_number":"4"},"frames":[{"frame_type":"ACK"},{"frame_type":"CONNECTION_CLOSE"}]}]
2020-01-04 16:35:46.640260 [DEBUG] engine: next advisory tick is now: have 1 tickable connection (D27C1A064E70DCD3 first)
2020-01-04 16:35:46.640262 [DEBUG] engine: decref conn D27C1A064E70DCD3, 'HTA' -> 'HA'
2020-01-04 16:35:46.640264 [DEBUG] engine: decref conn D27C1A064E70DCD3, 'HA' -> 'H'
2020-01-04 16:35:46.640267 [WARN] mini-conn: enc hist Ibj; User-Agent: Chrome/79.0.3945.88 Windows NT 10.0; Win64; x64
2020-01-04 16:35:46.640269 [DEBUG] engine: incref conn D27C1A064E70DCD3, 'H' -> 'CH'
2020-01-04 16:35:46.640271 [DEBUG] engine: decref conn D27C1A064E70DCD3, 'CH' -> 'C'
2020-01-04 16:35:46.640273 [DEBUG] engine: decref conn D27C1A064E70DCD3, 'C' -> ''
2020-01-04 16:35:46.640276 [DEBUG] purga: allocated new page
2020-01-04 16:35:46.640278 [DEBUG] purga: added D27C1A064E70DCD3 to the set
2020-01-04 16:35:46.640282 [WARN] [QUIC:D27C1A064E70DCD3] mini-conn: destroyed. Diagnostics: conn flags: 0x420008, mc flags: 0x10, received: F, sent: 7F, lost: 0, deferred: 0,
still-deferred: 0, dropped: 0, in-flight: FFFFFFFFFFFFFFFF, acked: 1F, error_code: 0x2A, ticks: 4, pack size: 1350, lifetime: 169346 usec
2020-01-04 16:35:46.640285 [DEBUG] [QUIC:D27C1A064E70DCD3] event: mini connection destroyed
2020-01-04 16:35:46.640287 [DEBUG] QuicEngine::removeOldSCIDs
2020-01-04 16:35:46.640291 [DEBUG] [QuicShm::markBadCidItems]: mark CID D27C1A064E70DCD3 with PID: -1
2020-01-04 16:35:46.640293 [DEBUG] removed CID D27C1A064E70DCD3 from CID/Listener hash
2020-01-04 16:35:46.640296 [DEBUG] [UDP:0.0.0.0:443] onRead: done; in total, read 1 packet in 1 batch
2020-01-04 16:35:46.644460 [DEBUG] DNS reverse lookup: [93.141.56.128]: 93-141-56-128.adsl.net.t-com.hr
 
#3
Pong,

The thing is, I do not experience any issues when checking the actual websites using chrome. Tested all websites hosted.

I may pm you the sites if you wish.
 
#5
Just to keep you guys posted ... this wasn't a bug on your side.

Had to modify my certificates and it's working fine now.

Actual browsers didn't complain ... and the certificates were perfectly ok on several test sites ... but found 1 site that has thrown errors.

That's how I found out :)

Anyway, case closed!
 
Top