Opened 7 years ago

Closed 7 years ago

#10958 closed defect (fixed)

PCWorld blocked

Reported by: galaxy40 Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Worked fine in the past. Now always blocked because certificate not trusted. Says it is self signed.

Child Tickets

Change History (3)

comment:1 Changed 7 years ago by yawning

While one would hope that pcworld.com will use a certificate that:

  • Isn't self signed
  • Isn't issued to "IT, My Company, Seattle, WA, US"
  • Has a real host name
  • Has a real contact address

Dumping the certificate returned from pcworld.com with openssl s_client indicates that they failed on all counts. The warning is correct.

depth=0 /C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify return:1
---
Certificate chain
 0 s:/C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
   i:/C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICpjCCAg+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMRIwEAYDVQQKEwlNeUNvbXBh
bnkxCzAJBgNVBAsTAklUMR4wHAYDVQQDExVsb2NhbGhvc3QubG9jYWxkb21haW4x
KTAnBgkqhkiG9w0BCQEWGnJvb3RAbG9jYWxob3N0LmxvY2FsZG9tYWluMB4XDTA3
MDExODE4NDgzMloXDTE3MDExNTE4NDgzMlowgZgxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJXQTEQMA4GA1UEBxMHU2VhdHRsZTESMBAGA1UEChMJTXlDb21wYW55MQsw
CQYDVQQLEwJJVDEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluMSkwJwYJ
KoZIhvcNAQkBFhpyb290QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEA0CIk85MjGj9G6F0ulin23Xh/vNf2JCMyeKPJrnTw
oSf7ImlgZ6JT81OiBLcylZm3K44W76ZjbA1u6fIJnpX+/f1RPqFxKyh5+hYo+tfF
0Ja4yTkAE/HyQUACMEO+IeIpyf13sg/uTVr5ikeAkiDl1/5ZeqILV2QEexNsxLe8
t08CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBFNK5F1ItaOZLvnRMBsOIM7zzB21SP
lXr130kCdouP6zLq0xkbmWqgxLpUVh9Kc2xHFMGwbcFr9I5TMDPjCaRwUV1V4fbh
CGko7wefIEkq6mhTmNBSP7azcCC9f/NXC2CkB4OAYS22dHdRaQd0vwOhbqCjzHDp
Zk9Q0eg2Oe5khg==
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
issuer=/C=US/ST=WA/L=Seattle/O=MyCompany/OU=IT/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
---
No client certificate CA names sent
---

comment:2 Changed 7 years ago by cypherpunks

Component: - Select a componentEFF-HTTPS Everywhere
Owner: set to pde

comment:3 Changed 7 years ago by zyan

Resolution: fixed
Status: newclosed

Fixed.

Note: See TracTickets for help on using tickets.