124 lines
3.8 KiB
Markdown
124 lines
3.8 KiB
Markdown
# TSG版本为2211和2212的intercept功能证书替换存在问题
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-897 | 2023-04-12T14:52:36.000+0800 | 冯伟浩 | 已关闭 |
|
||
|
||
|
||
---
|
||
|
||
在TSG版本为22.11和22.12环境中进行测试
|
||
|
||
{color:#de350b}{color:#172b4d}22.11环境:{color}192.168.44.228{color}
|
||
|
||
{color:#de350b}{color:#172b4d}22.12环境:{color}192.168.44.29{color}
|
||
|
||
动作都是intercept,Source选择本机IP,Application选择SSL
|
||
|
||
Filter中选择SNI,FQDN的值为*.badssl.com
|
||
|
||
For trusted servers 配置文件保持不变
|
||
|
||
For untrusted servers 配置文件在Untrusted和Trusted Default进行切换
|
||
|
||
Decryption Profile 选择新建的配置文件,开启Certificate Checks四个按钮,Fail Action选择Pass-through;Dynamic Bypass全部关闭;Protocol Version全部开启
|
||
|
||
测试结果:
|
||
{color:#de350b}22.11环境{color},For untrusted servers选择Untrusted和Trusted Default配置文件后进行访问,证书都是{color:#de350b}信任证书{color}
|
||
{color:#de350b}22.12环境{color},For untrusted servers选择Untrusted和Trusted Default配置文件后进行访问,证书都是{color:#de350b}非信任证书{color}
|
||
|
||
{color:#172b4d}按照预期结果的话应该是For untrusted servers选择Untrusted配置文件后进行访问,会提示非信任证书并显示非信任证书{color}
|
||
{color:#172b4d}For untrusted servers选择Trusted Default配置文件后进行访问,会显示信任证书{color}
|
||
{color:#172b4d}请查看附件中的截图,并协助确认两个环境是否都存在问题?{color}**gitlab** commented on *2023-04-13T16:53:00.654+0800*:
|
||
|
||
[冯伟浩|https://git.mesalab.cn/fengweihao] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/d9e0d744cf793e6afc9fc7298f736b23bd5ab818] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-certsorte-to-v3.0.1|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-certsorte-to-v3.0.1]:{quote}更新certstore到v3.0.1, 版本修改: OMPUB-897 修复本地缓存获取非可信证书key值错误问题{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-04-13T16:53:13.079+0800*:
|
||
|
||
[冯伟浩|https://git.mesalab.cn/fengweihao] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/1226] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-certsorte-to-v3.0.1|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-certsorte-to-v3.0.1]:{quote}更新certstore到v3.0.1, 版本修改: OMPUB-897 修复本地缓存获取非可信证书key值错误问题{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**fengweihao** commented on *2023-04-13T17:03:34.796+0800*:
|
||
|
||
用如下方法规避此问题:
|
||
|
||
停止本地Redis服务
|
||
|
||
systemctl stop cert-redis.service
|
||
|
||
重启certstore服务
|
||
|
||
systemctl restart certstore
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-04-13T19:54:34.582+0800*:
|
||
|
||
[冯伟浩|https://git.mesalab.cn/fengweihao] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/cfef8e3275856f05590893ddfeae23fddec7a8c9] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-certsorte-to-v3.0.1|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-certsorte-to-v3.0.1]:{quote}更新certstore到v3.0.1, 版本修改: OMPUB-897 修复本地缓存获取非可信证书key值错误问题{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**37185/屏幕截图(10).png**
|
||
|
||
---
|
||
|
||
**37184/屏幕截图(11).png**
|
||
|
||
---
|
||
|
||
**37183/屏幕截图(12).png**
|
||
|
||
---
|
||
|
||
**37182/屏幕截图(13).png**
|
||
|
||
---
|
||
|
||
**37181/屏幕截图(14).png**
|
||
|
||
---
|
||
|
||
**37180/屏幕截图(15).png**
|
||
|
||
---
|
||
|
||
**37191/屏幕截图(4).png**
|
||
|
||
---
|
||
|
||
**37190/屏幕截图(5).png**
|
||
|
||
---
|
||
|
||
**37189/屏幕截图(6).png**
|
||
|
||
---
|
||
|
||
**37188/屏幕截图(7).png**
|
||
|
||
---
|
||
|
||
**37187/屏幕截图(8).png**
|
||
|
||
---
|
||
|
||
**37186/屏幕截图(9).png**
|
||
|
||
---
|
||
|