Open fmarier opened 1 year ago
We've received a report from a user that setting OpenDNS as the DoH provider in Brave:
leads to TLS errors when visiting youtube.com:
Full error message:
Your connection is not private Attackers might be trying to steal your information from http://youtube.com (for example, passwords, messages or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID Subject: http://youtube.com Issuer: Cisco Umbrella Secondary SubCA syd-SG Expires on: 4 Aug 2023 Current date: 1 Aug 2023
I was not able to reproduce.
It looks like it comes from this endpoint security software by Cisco: https://learn-cloudsecurity.cisco.com/umbrella-resources/umbrella/cisco-umbrella-product-overview?language=English