No filtering on formula1.com – can't validate certificate
SebastianRasch opened this issue · 3 comments
AdGuard version
2.12
Browser version
Safari 17.2
OS version
macOS 14.2
What filters do you have enabled?
AdGuard Base filter
What Stealth Mode options do you have enabled?
No response
Support ticket ID
No response
Issue Details
Steps to reproduce:
- Go to https://formula1.com
- In the browser assistant popup, check the lock icon next to the URL
- "HTTPS filter was not performed" or "Could not verify this website's certificate"
Expected Behavior
The certificate seems fine and is not expired when I check it myself so I would expect that AdGuard performs filtering
Actual Behavior
AdGuard thinks for some reason that the certificate is expired and doesn't filter this website
Screenshots
Additional Information
Also tested on Microsoft Edge 120.0, same problem
Seeing this happen to a ton of websites. A SCT ct log not found
is logged whenever it happens:
2023-12-21 04:50:50.242204+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT list size (x509) = 3
2023-12-21 04:50:50.242218+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT ct log not found
2023-12-21 04:50:50.242226+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT log id = PxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4=
2023-12-21 04:50:50.242233+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:50:50.242247+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT signature size = 72
2023-12-21 04:50:50.242364+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT log id = fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebg=
2023-12-21 04:50:50.242370+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:50:50.242381+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT signature size = 71
2023-12-21 04:50:50.242509+0000 [com.adguard.mac.adguard.network-extension:176365] D: (CL: ) SSLDataProvider-CertVerify: [id=1002331] Verification error: CT_SCT_POLICY_CHECK_FAILED: Not enough valid SCTs
2023-12-21 04:50:50.242523+0000 [com.adguard.mac.adguard.network-extension:176365] D: (CL: ) PF: id=1002331 SSLFilter::onVerifyComplete Certificate www.formula1.com is not trusted (err=2, ctx=0x6000022ba340)
2023-12-21 04:54:25.682773+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT list size (x509) = 2
2023-12-21 04:54:25.682790+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT log id = SLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHM=
2023-12-21 04:54:25.682799+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:54:25.682818+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT signature size = 71
2023-12-21 04:54:25.682993+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT ct log not found
2023-12-21 04:54:25.683055+0000 [com.adguard.mac.adguard.network-extension:176358] D: (CL: ) SSLDataProvider-CertVerify: [id=1002383] Verification error: CT_SCT_POLICY_CHECK_FAILED: SCTs from at least 2 distinct log operators are required
Likely due to AdguardTeam/CoreLibs#1833.
Please try to update to the latest version of AdGuard for Mac which is v2.13. This issue should be fixed in this version. Please let us know if you still experience this issue with v2.13 installed.
Thanks @AlexandrPkhm, now it's working perfectly on 2.13!