Re: old https security debian org does not redirect to new page, invalid ssl cert instead

To: Paul Wise <pabs@debian.org>
Cc: debian-www@lists.debian.org
Subject: Re: old https security debian org does not redirect to new page, invalid ssl cert instead
From: "dragon@peerfreedom.org" <dragon@peerfreedom.org>
Date: Tue, 2 Apr 2019 12:02:33 +0000
Message-id: <[🔎] b64f00e1-ea2c-ef4d-97f8-ec88e9ad87ee@peerfreedom.org>
In-reply-to: <[🔎] CAKTje6HtcKBTSyV8ExT8zn8cwz1sweUCGnN8hgm4skdDuz65dQ@mail.gmail.com>
References: <bf12e64e-bb52-bd6f-19c4-36f176e866fe@peerfreedom.org> <20190331004813.sceorbhb7zxrfpx2@mraw.org> <[🔎] a4445a80-ee65-636d-35ad-b9be1c8ea5fd@peerfreedom.org> <[🔎] CAKTje6HtcKBTSyV8ExT8zn8cwz1sweUCGnN8hgm4skdDuz65dQ@mail.gmail.com>

On 02/04/2019 09:02, Paul Wise wrote:
> On Mon, Apr 1, 2019 at 4:29 PM dragon@peerfreedom.org wrote:
>
>> I think it is a bug clearly - because that site was working before
> The site has never supported https.


Huh? This site - security.debian.org/  (website, not apt repository) in
fact did supported https.

I was using it since years afair, and even archive.org has archives of
it, on the https URL:

http://archive.is/MahaH ; (and many more)

Apparently at some point it moved to debian.org/security/ , the only
problem is that old address is redirecting to new address only on http,
while on https it shows invalid cert.

>  If you were using HTTPS
> Everywhere, then it has a rule that will make it seem like https
> redirects to the website (like http actually does).

I did not used that.

>
>> Imo just reject port 443 on that server, or make the redirection work again.
> Which IP address are you connecting to?

I got tests from friends both on ipv4 and ipv6, it resolves and connects to:

217.196.149.233

and

2a02:16a8:dc41:100::233



wget https://security.debian.org/
--2019-04-02 xxxxxxx --  https://security.debian.org/
Resolving security.debian.org (security.debian.org)...
2001:a78:5:1:216:35ff:fe7f:6ceb, 2a02:16a8:dc41:100::233,
217.196.149.233, ...
Connecting to security.debian.org
(security.debian.org)|2001:a78:5:1:216:35ff:fe7f:6ceb|:443... failed:
Connection refused.
Connecting to security.debian.org
(security.debian.org)|2a02:16a8:dc41:100::233|:443... connected.
ERROR: The certificate of ‘security.debian.org’ is not trusted.
ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer.
The certificate's owner does not match hostname ‘security.debian.org’

wget https://security.debian.org/
--2019-04-02 xxxxxxx --  https://security.debian.org/
Resolving security.debian.org (security.debian.org)... 217.196.149.233,
212.211.132.250, 2001:a78:5:1:216:35ff:fe7f:6ceb, ...
Connecting to security.debian.org
(security.debian.org)|217.196.149.233|:443... connected.
ERROR: The certificate of ‘security.debian.org’ is not trusted.
ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer.
The certificate's owner does not match hostname ‘security.debian.org’

Reply to:

Follow-Ups:
- Re: old https security debian org does not redirect to new page, invalid ssl cert instead
  - From: "dragon@peerfreedom.org" <dragon@peerfreedom.org>
- Re: old https security debian org does not redirect to new page, invalid ssl cert instead
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: old https security debian org does not redirect to new page, invalid ssl cert instead
  - From: Paul Wise <pabs@debian.org>

References:
- Re: old https security debian org does not redirect to new page, invalid ssl cert instead
  - From: "dragon@peerfreedom.org" <dragon@peerfreedom.org>
- Re: old https security debian org does not redirect to new page, invalid ssl cert instead
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: events/material and events/materialS / Re: Broken link - Debian Flyers
Next by Date: Re: old https security debian org does not redirect to new page, invalid ssl cert instead
Previous by thread: Re: old https security debian org does not redirect to new page, invalid ssl cert instead
Next by thread: Re: old https security debian org does not redirect to new page, invalid ssl cert instead
Index(es):
- Date
- Thread