List for cgit developers and users
 help / color / mirror / Atom feed
* certificate problem with libravatar
@ 2014-07-03  9:16 list
  2014-07-03 10:22 ` john
  0 siblings, 1 reply; 2+ messages in thread
From: list @ 2014-07-03  9:16 UTC (permalink / raw)


Hello everybody,

looks like we have a certificate problem with libravatar email filter. For
base URL we use "//cdn.libravatar.org/", with is fine if cgit serves
unencrypted html pages. The url evaluates to "http://cdn.libravatar.org/"
then. However if cgit sends an encrypted site the url is
"https://cdn.libravatar.org/", with results in a certificate error as CN does
not match.

We could just change the url to "//seccdn.libravatar.org/" or
"https://seccdn.libravatar.org/", but that would fetch the avatar via https
all the some. In fact the first one makes two requests as the http server
redirects to https one.

Does the script know whether or not the site is encrypted? That would allow
us to choose the correct url. Any other ideas?
-- 
main(a){char*c=/*    Schoene Gruesse                         */"C7?Bj;MEH"
"CX:;",b;for(a/*    Chris           get my mail address:    */=0;b=c[a++];)
putchar(b-1/(/*               gcc -o sig sig.c && ./sig    */b/42*2-3)*42);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20140703/19ce4b26/attachment.asc>


^ permalink raw reply	[flat|nested] 2+ messages in thread
* certificate problem with libravatar
  2014-07-03  9:16 certificate problem with libravatar list
@ 2014-07-03 10:22 ` john
  0 siblings, 0 replies; 2+ messages in thread
From: john @ 2014-07-03 10:22 UTC (permalink / raw)


On Thu, Jul 03, 2014 at 11:16:21AM +0200, Christian Hesse wrote:
> looks like we have a certificate problem with libravatar email filter. For
> base URL we use "//cdn.libravatar.org/", with is fine if cgit serves
> unencrypted html pages. The url evaluates to "http://cdn.libravatar.org/"
> then. However if cgit sends an encrypted site the url is
> "https://cdn.libravatar.org/", with results in a certificate error as CN does
> not match.
> 
> We could just change the url to "//seccdn.libravatar.org/" or
> "https://seccdn.libravatar.org/", but that would fetch the avatar via https
> all the some. In fact the first one makes two requests as the http server
> redirects to https one.
> 
> Does the script know whether or not the site is encrypted? That would allow
> us to choose the correct url. Any other ideas?

FWIW my vote would be to always use "https://seccdn.libravatar.org/",
since HTTP->HTTPS is OK but HTTPS->HTTP is not and if HTTP is just going
to redirect to HTTPS then we might as well go directly to the HTTPS.


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-07-03 10:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-03  9:16 certificate problem with libravatar list
2014-07-03 10:22 ` john

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).