Bug#751883: planet.debian.org: https://planet.debian.org broken (certificate and webpage)
Package: www.debian.org
Severity: important
Dear Maintainer,
trying to use planet.debian.org with https results in two problems:
1. certificate does not match:
$ wget https://planet.debian.org/
--2014-06-17 14:55:30-- https://planet.debian.org/
Resolving planet.debian.org (planet.debian.org)... 198.232.124.192
Connecting to planet.debian.org (planet.debian.org)|198.232.124.192|:443... connected.
The certificate's owner does not match hostname 'planet.debian.org'
$ echo GET | openssl s_client -connect planet.debian.org:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
...
verify error:num=19:self signed certificate in certificate chain
verify return:0
...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=*.netdna-ssl.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
---
SSL handshake has read 5413 bytes and written 449 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 39A093E7D374EFFC63A99EFE808CC54BCC20E52D29EC5A156291B3B5F34E08AB
Session-ID-ctx:
Master-Key: AB0A9B908EB7E87E186F8C86EAAF7D1661606E7768D3EF9FBF3BB0C9FFA3F3E8FCB23C9DA48DB89EB1DC265975B224BC
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 20 3d ab 9f c0 73 80 26-d5 80 17 63 02 36 62 9e =...s.&...c.6b.
0010 - 81 b2 99 aa ad e5 0f 94-b0 4b a9 7e 15 0a e8 51 .........K.~...Q
0020 - 22 64 50 ed 5b 68 f0 47-88 ca f2 1a a1 ee 17 68 "dP.[h.G.......h
0030 - db 2a 02 d8 69 97 07 a3-f9 2d c3 32 9b af 8a 4d .*..i....-.2...M
0040 - b6 c0 86 25 b5 f9 22 dd-27 5b 9d 07 85 a1 23 bc ...%..".'[....#.
0050 - 5e 77 83 d3 e8 94 2e ee-99 2a 7e b4 fc b6 43 5a ^w.......*~...CZ
0060 - e0 de 88 57 93 dc 28 76-4f 85 53 06 b4 7c dc ff ...W..(vO.S..|..
0070 - 86 00 9a dd 91 21 dc 6a-a2 a8 8a 3b 60 5d ad f9 .....!.j...;`]..
0080 - 52 ee bd 12 75 91 72 ce-65 69 c4 71 b4 f7 ec d1 R...u.r.ei.q....
0090 - 50 50 ca 65 21 e5 df 9e-83 d8 e7 8b 75 e7 65 15 PP.e!.......u.e.
Start Time: 1403009978
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
DONE
SSL3 alert write:warning:close notify
2. and the presented webpage is just a placeholder:
$ wget --no-check-certificate https://planet.debian.org/
--2014-06-17 14:57:47-- https://planet.debian.org/
Resolving planet.debian.org (planet.debian.org)... 198.232.124.192
Connecting to planet.debian.org (planet.debian.org)|198.232.124.192|:443... connected.
The certificate's owner does not match hostname 'planet.debian.org'
HTTP request sent, awaiting response... 200 OK
Length: 83 [text/html]
Saving to: 'index.html'
100%[======================================>] 83 --.-K/s in 0s
2014-06-17 14:57:47 (50.7 MB/s) - 'index.html' saved [83/83]
$ cat index.html
You are hitting the MaxCDN Frankfurt Datacenter<br>
<img src=netdna.gif?city=15 >
Thank you for fixing.:)
Regards
Noël
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: