<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
> Should we write a rule for such a site (e.g. bundesrat.de) or
should<br>
> their implementation be regarded as broken?<br>
<br>
Sites where Firefox can download the intermediate should be
considered working, and we can write rules for them. We should aim
to make the checker smart enough to not be flummoxed by those sites.<br>
<br>
<div class="moz-cite-prefix">On 04/23/2015 02:44 AM, Jonas Witmer
wrote:<br>
</div>
<blockquote cite="mid:5538BEEF.1090207@gmx.ch" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Am 15.02.15 um 19:17 schrieb Jacob
Hoffman-Andrews:<br>
</div>
<blockquote cite="mid:54E0E2CD.9020402@eff.org" type="cite"> Good
point! I think we are also missing some of the most current
certificates from Firefox, which I plan to update: <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://support.google.com/dfp_sb/answer/2524536?hl=en">https://support.google.com/dfp_sb/answer/2524536?hl=en</a>.
If we still have issues after updating those, we may want to
install the transitive closure of those certificates, from the
SSL Observatory.<br>
</blockquote>
</blockquote>
FYI, I have since updated https-everywhere-checker to include the
transitive closure of known CA certificates from the SSL Observatory
as of last month or so. This improved the checker's accuracy a lot,
but it still gets an occasional problem with missing certificates.<br>
<br>
If anyone is interested in helping to improve the checker, I'd
suggest running it in disable-broken-rules mode, then going through
the results for false positives, and trying to find and fix the root
cause of those false positives:<br>
<br>
python2.7
https-everywhere-checker/src/https_everywhere_checker/check_rules.py
https-everywhere-checker/disable-broken-rulesets.checker.config<br>
<br>
Note that you may have to trim the number of threads in the config
depending on your available bandwidth / CPU speed.<br>
</body>
</html>