[HTTPS-Everywhere] Stupid Perl Tricks: ssl_check2.pl
Seth David Schoen
schoen at eff.org
Wed Nov 10 18:10:56 PST 2010
Peter Eckersley writes:
> Whizz, this script is great but I'm wondering if it's still somewhat buggy...
The main problem here seems to be the twimg hosts, which do not answer
HTTPS.
> 1 zzz. HTTPS request timeout. Added a0.twimg.com to badhosts list.g
> 7 zzz. HTTPS request timeout. Added a1.twimg.com to badhosts list.
> 19 zzz. HTTPS request timeout. Added a2.twimg.com to badhosts list.
> 25 zzz. HTTPS request timeout. Added a3.twimg.com to badhosts list.g
This is to say that ssl_check2.pl is (1) taking an aggressive position
(Chris might just say "a sane position") on mixed content, and (2) relying
on naive URL rewriting (s/http/https/) instead of some kind of magical
external knowledge of how to change URLs to make them work.
It looks like ssl_check2.pl correctly detected that Twitter has a
severe mixed-content problem that can't be fixed automatically. :-(
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list