[HTTPS-Everywhere] Custom rules
https-everywhere at lists.grepular.com
https-everywhere at lists.grepular.com
Fri Oct 15 02:13:18 PDT 2010
On 14/10/2010 17:01, Robert wrote:
>> I have one for reddit.com too, but I'm not sure if you'd want to include
>> this one... The problem is, the login form explicitly posts to http:// -
>
> What about the fact that the SSL cert does not match the domain?
>
> The cert is only valid for a248.e.akamai.net , *.akamaihd.net.
Ah. I'd added a manual exception at some point for that certificate so
didn't notice.
Is there a policy on "invalid" certificates for this add-on? For
example, what about websites that have certificates from cacert.org?
Their root isn't installed in any of the major browsers yet... Does that
mean they shouldn't be included? Self signed certs? Certs where the CN
doesn't match?
--
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech Blog - https://secure.grepular.com/
Follow me on Twitter - http://twitter.com/mickeyc
Hire me - http://cardwellit.com/ http://uk.linkedin.com/in/mikecardwell
More information about the HTTPS-everywhere
mailing list