https://bugzilla.wikimedia.org/show_bug.cgi?id=31800
Web browser: ---
Bug #: 31800
Summary: upload.wikimedia.org provides wrong certificate via IPv6
Product: Wikimedia
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: SSL related
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
When connecting via IPv6 to upload.wikimedia.org a wrong certificate is shown.
The certificate is issued for "*.wikimediafoundation.org" and
"wikimediafoundation.org" which does not match upload.wikimedia.org. See below.
- Certificate[0] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 027a5f
Issuer: C=US,O=GeoTrust\, Inc.,CN=RapidSSL CA
Validity:
Not Before: Mon Jul 18 07:19:38 UTC 2011
Not After: Tue Jul 19 16:14:20 UTC 2016
Subject:
serialNumber=DN84DBlZKsoLji7PlLHE4Pyj6ARQXJ-L,C=US,O=*.wikimediafoundation.org,OU=GT55614722,OU=See
www.rapidssl.com/resources/cps (c)11,OU=Domain Control Validated -
RapidSSL(R),CN=*.wikimediafoundation.org
Subject Public Key Algorithm: RSA
Certificate Security Level: Low
Modulus (bits 2048):
Exponent (bits 24):
01:00:01
Extensions:
Authority Key Identifier (not critical):
6b693d6a18424add8f026539fd35248678911630
Key Usage (critical):
Digital signature.
Key encipherment.
Key Purpose (not critical):
TLS WWW Server.
TLS WWW Client.
Subject Alternative Name (not critical):
DNSname: *.wikimediafoundation.org
DNSname: wikimediafoundation.org
CRL Distribution points (not critical):
URI: http://rapidssl-crl.geotrust.com/crls/rapidssl.crl
Subject Key Identifier (not critical):
16f250574f6b2250a9caa67c53a7b59b9eefbc5c
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Unknown extension 1.3.6.1.5.5.7.1.1 (not critical):
ASCII:
0;09..+.....0..-http://rapidssl-aia.geotrust.com/rapidssl.crt
Hexdump:
303b303906082b06010505073002862d687474703a2f2f726170696473736c2d6169612e67656f74727573742e636f6d2f726170696473736c2e637274
Signature Algorithm: RSA-SHA1
Signature:
Other Information:
MD5 fingerprint:
272480c41a073648db7fedd9066e96be
SHA-1 fingerprint:
70616f43e39edd64c5aedaa3f79372e654d0e30c
Public Key Id:
16f250574f6b2250a9caa67c53a7b59b9eefbc5c
$ host upload.wikimedia.org
upload.wikimedia.org is an alias for upload.esams.wikimedia.org.
upload.esams.wikimedia.org has address 91.198.174.234
upload.esams.wikimedia.org has IPv6 address 2620:0:862:1::80:2
When using the IPv4 address a valid certificate is provided.
This is especially annoying because I get certificate warnings every time I
visit a Wikipedia page via https.
Please let me know if you need any additional information.
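Added example, not part of the original report: a per-address check of certificate subjectAltName entries against the requested hostname, which is the comparison that fails for the IPv6 endpoint above. The IPv6 SAN list is taken from the dump in the report; the IPv4 SAN list is an assumption (the report only says that certificate is valid), and the function names are hypothetical.

```python
import ipaddress


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one SAN dNSName against a hostname.

    A '*' is honoured only as the complete leftmost label and stands for
    exactly one label, so '*.example.org' never covers 'a.b.example.org'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels to the right of the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, hostname: str) -> bool:
    """True if any SAN entry covers the hostname."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names)


def mismatched_endpoints(hostname: str, endpoints: dict) -> list:
    """Return (address, family) for every endpoint whose certificate
    does not cover the hostname. `endpoints` maps IP -> list of SAN names."""
    bad = []
    for ip, sans in endpoints.items():
        family = "IPv6" if ipaddress.ip_address(ip).version == 6 else "IPv4"
        if not cert_covers(sans, hostname):
            bad.append((ip, family))
    return bad


# Constructed sample input. Addresses come from the `host` output in the report.
SAMPLE_ENDPOINTS = {
    # Assumed SAN list for the IPv4 endpoint (not shown in the report).
    "91.198.174.234": ["*.wikimedia.org", "wikimedia.org"],
    # SAN list from the certificate dump in the report.
    "2620:0:862:1::80:2": ["*.wikimediafoundation.org", "wikimediafoundation.org"],
}

if __name__ == "__main__":
    for ip, family in mismatched_endpoints("upload.wikimedia.org", SAMPLE_ENDPOINTS):
        print(f"{family} endpoint {ip}: certificate does not cover hostname")
```

Running the same comparison against every A and AAAA record of a name catches the case where one address family is served by a differently configured front end.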