Opened 7 years ago

Closed 6 years ago

#9734 closed defect (fixed)

DreamHost CA, CRL and OCSP broken

Reported by: mnordhoff Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

DreamHost-issued SSL certificates include CA, CRL and OCSP URLs broken by the DreamHost ruleset, which rewrites almost all dreamhost.com subdomains.

Example page with such a cert:

https://panel.dreamhost.com/

Example URLs affected, from that cert:

http://crl.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crl
http://crt.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crt
http://ocsp.dreamhost.com (which is an OCSP server, natch)

Aside from their control panel, it also affects their object storage service (https://objects.dreamhost.com/), which is more user-facing, and I suspect it could affect certs issued to users.

Child Tickets

Change History (1)

comment:1 Changed 6 years ago by pde

Resolution: fixed
Status: newclosed

Fixed in git master.

Note: See TracTickets for help on using tickets.