Closed SebastianRasch closed 6 months ago
Seeing this happen to a ton of websites. A SCT ct log not found
is logged whenever it happens:
2023-12-21 04:50:50.242204+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT list size (x509) = 3
2023-12-21 04:50:50.242218+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT ct log not found
2023-12-21 04:50:50.242226+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT log id = PxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4=
2023-12-21 04:50:50.242233+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:50:50.242247+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT signature size = 72
2023-12-21 04:50:50.242364+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT log id = fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebg=
2023-12-21 04:50:50.242370+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:50:50.242381+0000 [com.adguard.mac.adguard.network-extension:176429] D: (CL: ) AGCertificateVerifier: SCT signature size = 71
2023-12-21 04:50:50.242509+0000 [com.adguard.mac.adguard.network-extension:176365] D: (CL: ) SSLDataProvider-CertVerify: [id=1002331] Verification error: CT_SCT_POLICY_CHECK_FAILED: Not enough valid SCTs
2023-12-21 04:50:50.242523+0000 [com.adguard.mac.adguard.network-extension:176365] D: (CL: ) PF: id=1002331 SSLFilter::onVerifyComplete Certificate www.formula1.com is not trusted (err=2, ctx=0x6000022ba340)
2023-12-21 04:54:25.682773+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT list size (x509) = 2
2023-12-21 04:54:25.682790+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT log id = SLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHM=
2023-12-21 04:54:25.682799+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT origin = SCT_EMBEDDED
2023-12-21 04:54:25.682818+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT signature size = 71
2023-12-21 04:54:25.682993+0000 [com.adguard.mac.adguard.network-extension:176432] D: (CL: ) AGCertificateVerifier: SCT ct log not found
2023-12-21 04:54:25.683055+0000 [com.adguard.mac.adguard.network-extension:176358] D: (CL: ) SSLDataProvider-CertVerify: [id=1002383] Verification error: CT_SCT_POLICY_CHECK_FAILED: SCTs from at least 2 distinct log operators are required
Likely due to https://github.com/AdguardTeam/CoreLibs/issues/1833.
Hi @SebastianRasch
Please try to update to the latest version of AdGuard for Mac which is v2.13. This issue should be fixed in this version. Please let us know if you still experience this issue with v2.13 installed.
Thanks @AlexandrPkhm, now it's working perfectly on 2.13!
AdGuard version
2.12
Browser version
Safari 17.2
OS version
macOS 14.2
What filters do you have enabled?
AdGuard Base filter
What Stealth Mode options do you have enabled?
No response
Support ticket ID
No response
Issue Details
Steps to reproduce:
Expected Behavior
The certificate seems fine and is not expired when I check it myself so I would expect that AdGuard performs filtering
Actual Behavior
AdGuard thinks for some reason that the certificate is expired and doesn't filter this website
Screenshots
Screenshot 1:
![Screenshot 2023-12-20 at 12 25 23](https://github.com/AdguardTeam/AdguardForMac/assets/22617697/945bb5a2-7cdd-47e8-b371-186f953c0278)Screenshot 2:
![Screenshot 2023-12-20 at 12 44 05](https://github.com/AdguardTeam/AdguardForMac/assets/22617697/a93eb252-c49d-4eb1-a1c2-b1b4f2bbcaaa)Additional Information
Also tested on Microsoft Edge 120.0, same problem