[HTTPS-Everywhere] bbc.co.uk attempts to use user installed certificates?
Austin English
austinenglish at gmail.com
Mon Mar 10 16:17:53 PDT 2014
On Mon, Mar 10, 2014 at 1:35 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:
>
> On 03/10/2014 12:51 PM, Alex Xu wrote:
> > It's not on bbc.co.uk per se; it's on another site whose resources are
> > requested by the main site. I *think* it's related to video content, but
> > not sure.
>
> Is it still happening for you? the popup dialog i get in iceweasel 27
> (the firefox variant on debian) when i visit sites that require client
> certs says:
>
> This site has requested that you identify yourself with a certificate:
> foo.example.com:443
> Organization: "Example Corp."
> Issued under: "Global Root CA"
> Choose a certificate to present as identification:
>
> What does yours say when you see this happening? that should help you
> to figure out what site is causing this.
>
> --dkg
>
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
An example URL:
http://www.bbc.co.uk/news/magazine-25816000 which then redirects to
http://www.bbc.com/news/magazine-25816000
See the attached screenshot (slightly edited for privacy reasons).
@Daniel, I'm not sure how to get the IP address of the server being used.
Running host on those domains returns several IPs..any tips?
One other important thing I just noticed. The BBC (partial) rule is enabled
(by default), but BBC.com (false MCB) is not. Enabling that rule the gives
me https bbc.com urls, but Firefox warns me that the page is only partially
encryped. The page still pops up the certificate dialog, however.
--
-Austin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140310/34c653d1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bbc_screenshot.png
Type: image/png
Size: 171220 bytes
Desc: not available
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140310/34c653d1/attachment-0001.png>
More information about the HTTPS-Everywhere
mailing list