Package: xul-ext-https-everywhere
Severity: wishlist
I've been submitting changes to the rules for debian.org/debian.net as
DSA add more SSL-enabled domains[1]. I'm not sure if upstream will make
a release containing them in time for the jessie release so I thought I
would submit a diff against 3.5.3 so we can at least have recent Debian
rules. My most recent patch hasn't yet been accepted but I guess it will
since previous ones were accepted. The attached patch includes the patch
that hasn't yet been accepted upstream; hopefully that is OK.
1. https://anonscm.debian.org/gitweb/?p=mirror/dsa-puppet.git;a=tree;f=modules/ssl/files/servicecerts
--
bye,
pabs
http://wiki.debian.org/PaulWise
diff --git a/src/chrome/content/rules/Debian-self-signed.xml b/src/chrome/content/rules/Debian-self-signed.xml
new file mode 100644
index 000..2d6cb0e
--- /dev/null
+++ b/src/chrome/content/rules/Debian-self-signed.xml
@@ -0,0 +1,28 @@
+!--
+ For rules that are on by default, see Debian.xml.
+
+
+ Fully covered domains:
+
+ - mentors.debian.net
+ - paste.debian.net
+
+--
+ruleset name=Debian (self-signed) default_off=self-signed
+
+ target host=*.debian.net /
+ !--exclusion pattern=^http://screenshots\.debian\.net/; /--
+ !--
+ Nonfunctional:
+ --
+ !--exclusion pattern=^http://(ca|incoming|popcon|search)\.debian\.org/ /--
+ !--
+ Handled in Debian.xml:
+ --
+ !--exclusion pattern=^http://((?:anonscm|(?:[^/:@]+\.)?alioth|arch|bits|bugs(?:-master)?|buildd|bzr|contributors|cvs|darcs|db|dsa|ftp-master|git|hg|lintian|lists|munin|nagios|nm|openstack\.bm|packages|people|piuparts|puppet-dashboard|(?:packages\.)?qa|release|rt|rtc|security-(?:tracker|master)|sip-ws|sso|svn|tracker|udd|vote|wiki|www)\.)?debian\.org/ /--
+
+
+ rule from=^http://(mentors|paste)\.debian\.net/
+ to=https://$1.debian.net/; /
+
+/ruleset
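Review bot: The wildcard target host=*.debian.net in this new ruleset is much wider than its only rule, which rewrites just mentors and paste. Declare those two hosts as explicit targets instead. The commented-out exclusions for debian.org names (ca|incoming|popcon|search and the long "Handled in Debian.xml" pattern) can never apply because the ruleset has no debian.org target. Dropping them also avoids keeping a second copy of the Debian.xml host list in sync.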
diff --git a/src/chrome/content/rules/Debian.xml b/src/chrome/content/rules/Debian.xml
index 154a8fd..bce5d60 100644
--- a/src/chrome/content/rules/Debian.xml
+++ b/src/chrome/content/rules/Debian.xml
@@ -9,24 +9,14 @@
Nonfunctional domains:
- - screenshots.debian.net ¹
-
- debian.org subdomains:
- - anonscm ²
- ca (shows db; mismatched, CN: db.debian.org)
- - cvs ²
- incoming (shows ftp-master; mismatched, CN: ftp-master.debian.org)
- - people (reset; people.debian.org/~joerg/ is displayed
- after fetching gpg.ganneff.de over http...)
- popcon ¹
- - qa ¹
- - packages.qa ¹
- search (shows www; mismatched, CN: debian.org)
- - svn ²
¹ Refused
- ² Shows alioth; mismatched, CN: alioth.debian.org
Problematic domains:
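Review bot: The people entry removed from "Nonfunctional domains" recorded a concrete failure (reset, and people.debian.org/~joerg/ displayed only after fetching gpg.ganneff.de over http), yet the last hunk adds people to the https rewrite. Please note in the comment block or commit message that it was re-tested, and likewise for anonscm, cvs and svn, which footnote ² described as serving a certificate with a mismatched CN of alioth.debian.org. screenshots.debian.net is also dropped from this list, and the visible lines do not record its new status.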
@@ -36,12 +26,9 @@
- debian.org subdomains:
- - alioth ¹
- - lists.alioth ²
- cdimage (refused)
¹ Works, self-signed
- ² Works, self-signed, mismatched, CN: alioth.debian.org
Partially covered domains:
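Review bot: Footnote ¹ ("Works, self-signed") is kept under "Problematic domains", but the only visible entry that referenced it, alioth ¹, is removed, and the remaining cdimage line carries no marker. Remove the footnote together with footnote ², or mark whichever entry it is still meant to describe.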
@@ -60,6 +47,7 @@
- nagios
- nm
- wiki
+- ...
altnames that don't exist:
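Review bot: The added line "- ..." puts a literal placeholder into the covered-domains list instead of naming hosts. List the subdomains that the updated rule now rewrites (anonscm, alioth, arch, bits and so on) so the comment block stays a usable record of what was verified, or leave the list unchanged.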
@@ -89,7 +77,7 @@
securecookie host=^nm\.debian\.org$ name=.+ /
- rule from=^http://((?:bugs|buildd|contributors|db|dsa|ftp-master|lists|munin|nagios|nm|packages|piuparts|release|rt|security-tracker|sso|udd|vote|wiki|www)\.)?debian\.org/
+ rule from=^http://((?:anonscm|(?:[^/:@]+\.)?alioth|arch|bits|bugs(?:-master)?|buildd|bzr|contributors|cvs|darcs|db|dsa|ftp-master|git|hg|lintian|lists|munin|nagios|nm|openstack\.bm|packages|people|piuparts|puppet-dashboard|(?:packages\.)?qa|release|rt|rtc|security-(?:tracker|master)|sip-ws|sso|svn|tracker|udd|vote|wiki|www)\.)?debian\.org/
to=https://$1debian.org/; /
rule from=^http://(france|screenshots)\.debian\.net/
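Review bot: In the new from pattern, (?:[^/:@]+\.)?alioth accepts any prefix, including multi-label ones, because "." is not excluded from the character class. Every name under alioth.debian.org is therefore rewritten to https. The comment lines removed earlier recorded lists.alioth as serving a certificate with CN alioth.debian.org, so unless the certificate now covers all such names, those hosts will fail validation after the rewrite. Consider [^./:@]+ to restrict the match to a single label, or enumerate the known alioth hosts.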