
Re: old https security debian org does not redirect to new page, invalid ssl cert instead



Correction to my previous post - https://security. was not that
widespread; only a few indexers have seen a few pages there (one
misconfiguration page, a legal page, and an index page).

So this might be a rare issue for anyone stepping on that url.


Still, just for clarity, it might be good to either make the redirect work
or close the port if possible.

Thanks


On 02/04/2019 12:02, dragon@peerfreedom.org wrote:
> On 02/04/2019 09:02, Paul Wise wrote:
>> On Mon, Apr 1, 2019 at 4:29 PM dragon@peerfreedom.org wrote:
>>
>>> I think it is a bug clearly - because that site was working before
>> The site has never supported https.
>
> Huh? This site - security.debian.org/  (website, not apt repository) in
> fact did support https.
>
> I have been using it for years afair, and even archive.org has archives of
> it, on the https URL:
>
> http://archive.is/MahaH ; (and many more)
>
> Apparently at some point it moved to debian.org/security/ , the only
> problem is that the old address redirects to the new address only on http,
> while on https it shows an invalid cert.
>
>>  If you were using HTTPS
>> Everywhere, then it has a rule that will make it seem like https
>> redirects to the website (like http actually does).
> I did not use that.
>
>>> Imo just reject port 443 on that server, or make the redirection work again.
>> Which IP address are you connecting to?
> I got tests from friends both on ipv4 and ipv6, it resolves and connects to:
>
> 217.196.149.233
>
> and
>
> 2a02:16a8:dc41:100::233
>
>
>
> wget https://security.debian.org/
> --2019-04-02 xxxxxxx --  https://security.debian.org/
> Resolving security.debian.org (security.debian.org)...
> 2001:a78:5:1:216:35ff:fe7f:6ceb, 2a02:16a8:dc41:100::233,
> 217.196.149.233, ...
> Connecting to security.debian.org
> (security.debian.org)|2001:a78:5:1:216:35ff:fe7f:6ceb|:443... failed:
> Connection refused.
> Connecting to security.debian.org
> (security.debian.org)|2a02:16a8:dc41:100::233|:443... connected.
> ERROR: The certificate of ‘security.debian.org’ is not trusted.
> ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer.
> The certificate's owner does not match hostname ‘security.debian.org’
>
> wget https://security.debian.org/
> --2019-04-02 xxxxxxx --  https://security.debian.org/
> Resolving security.debian.org (security.debian.org)... 217.196.149.233,
> 212.211.132.250, 2001:a78:5:1:216:35ff:fe7f:6ceb, ...
> Connecting to security.debian.org
> (security.debian.org)|217.196.149.233|:443... connected.
> ERROR: The certificate of ‘security.debian.org’ is not trusted.
> ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer.
> The certificate's owner does not match hostname ‘security.debian.org’
>
>
>

