Geekspeak I don't understand
Tim Fletcher
tim at night-shade.org.uk
Wed May 13 17:26:19 BST 2015
On 13/05/15 13:31, Jon Ribbens wrote:
> On Tue, May 12, 2015 at 09:02:47PM +0100, Roland Perry wrote:
>> Can anyone tell me what this really means, and what might have
>> gone wrong, or what's amiss in 'my setup'?
>>
>> "An error occurred during a connection to www.facebook.com. The
>> server uses key pinning (HPKP) but no trusted certificate chain
>> could be constructed that matches the pinset. Key pinning
>> violations cannot be overridden. (Error code:
>> mozilla_pkix_error_key_pinning_failure)
>>
>> The page you are trying to view cannot be shown because the
>> authenticity of the received data could not be verified.
>>
>> Please contact the website owners to inform them of this
>> problem."
>
> Is it a corporate computer or similar that might have a root
> certificate installed by the IT department? The error message means
> that the 'wrong' certificate was seen by your browser. I assume if
> the certificate didn't verify at all then a more usual error
> message would appear.
It's not just the installation of a root cert on a corporate computer
but MitM on the SSL traffic. This is normally so that filtering can
take place, basically a server decrypts, filters and then encrypts
using its own SSL cert the traffic which doesn't match the pin set.
--
Tim Fletcher <tim at night-shade.org.uk>
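
The pin check discussed in this thread, as an added example that is not part of the original post: it parses a Public-Key-Pins header and compares the RFC 7469 pin of each key in a chain against the pinset. The byte strings standing in for SubjectPublicKeyInfo blobs, the header value and all names are constructed for illustration.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pins_header(value: str) -> dict:
    """Parse a Public-Key-Pins value (simple split; assumes no ';' inside quotes)."""
    policy = {"pins": set(), "max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].add(arg)
        elif name == "max-age":
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def chain_matches_pinset(chain_spkis, pins) -> bool:
    """True if any certificate in the (already trusted) chain carries a pinned key."""
    return any(spki_pin(spki) in pins for spki in chain_spkis)

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
SITE_LEAF = b"constructed-spki:site-leaf"
PUBLIC_CA = b"constructed-spki:public-ca"
BACKUP_KEY = b"constructed-spki:offline-backup"
PROXY_LEAF = b"constructed-spki:filter-reissued-leaf"
PROXY_ROOT = b"constructed-spki:filter-root"

# Constructed header pinning the site's CA key and a backup key.
HEADER = 'pin-sha256="{}"; pin-sha256="{}"; max-age=5184000; includeSubDomains'.format(
    spki_pin(PUBLIC_CA), spki_pin(BACKUP_KEY))
POLICY = parse_pins_header(HEADER)

def check(chain_spkis) -> str:
    """Return the outcome a pin-enforcing client would reach for this chain."""
    return "ok" if chain_matches_pinset(chain_spkis, POLICY["pins"]) else "pin failure"

if __name__ == "__main__":
    print("direct connection:", check([SITE_LEAF, PUBLIC_CA]))
    print("via filtering proxy:", check([PROXY_LEAF, PROXY_ROOT]))
```

The proxy's chain can be fully trusted through an installed root and still fail here, because none of its keys hash to a value in the pinset.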