[HTTPS-Everywhere] Ruleset for German Social Networks "VZNetzwerke"
Christopher Kramer
christopher at christosoft.de
Tue Oct 26 06:47:10 PDT 2010
Hi,
I created a ruleset for https-everywhere for the German social networks
StudiVZ, SchülerVZ and meinVZ ("VZnetzwerke").
The problem with these sites is that the SSL-certificate is only valid
for secure.[domain].net but this Subdomain does only work for login, not
for normal use. The normal www.-Subdomain (or the TLD) do work but
Firefox warns the user that the SSL-certificate is not correct
(ssl_error_bad_cert_domain). If the user adds an exception, everything
works fine.
The ruleset is:
<ruleset name="VZnetzwerke">
<rule from="^http://www\.schuelervz\.net/"
to="https://www.schuelervz.net/"/>
<rule from="^http://www\.studivz\.net/" to="https://www.studivz.net/"/>
<rule from="^http://www\.meinvz\.net/" to="https://www.meinvz.net/"/>
</ruleset>
If you include this ruleset into the extension, you should inform the
user about the meaning of these warnings and that it is safe to add the
exception.
Christopher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vznetzwerke.xml
Type: text/xml
Size: 266 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101026/08a641cb/attachment.xml>
More information about the HTTPS-everywhere
mailing list