[ooni-dev] Ooniprobe in Latvia

Collin Anderson collin at averysmallbird.com
Thu Jan 8 22:19:02 UTC 2015

On Thu, Jan 8, 2015 at 3:47 PM, Aleksejs Popovs <popoffka at gmail.com> wrote:

> To conclude, this is a
> real case of a non gambling-related page being blocked, although
> almost definitely by accident. I will notify Lattelecom about this.

Cloudflare-hosted sites are included as Subject Alternative Names in the
certificate they share between hosted sites. I wonder if the intermediary
parses the cert to match against the blacklisted domains, and terminates
any connection that lists the name. That identifier also provides you a
list of all of the sites that are overblocked as a result in your work, e.g.

openssl s_client -connect lucky31.com:443 2>&1 | openssl x509 -text

X509v3 Subject Alternative Name:

DNS:ssl3055.cloudflare.com, DNS:myriotravelguide.com, DNS:*.
americandreamhomeimprovement.com, DNS:*.thermosystemsinc.info, DNS:*.
evasi0ndownload.com, DNS:*.fraglive.cl, DNS:thealtitudecompany.com, DNS:
cmonsite.fr, DNS:*.weekcal.com, DNS:cu2nite.com.au, DNS:*.
genesisenergyinternational.net, DNS:*.lucky31.com, DNS:*.starspayment.com,
DNS:starspayment.com, DNS:*.loppis.me, DNS:loppis.me, DNS:
unitedcostumes.com.au, DNS:2ch.hk, DNS:thermosystemsinc.info, DNS:*.
bunadformenn.info, DNS:weekcal.com, DNS:starfishmedia.com, DNS:
mycareers360.com, DNS:*.casinoextra.com, DNS:peakfit.com.gt, DNS:
productworld.com, DNS:*.unitedcostumes.com.au, DNS:*.habbo.as, DNS:
genesisenergyinternational.net, DNS:lucky31.com, DNS:*.
thealtitudecompany.com, DNS:*.timesulin.com, DNS:evasi0ndownload.com, DNS:
fraglive.cl, DNS:*.2ch.hk, DNS:*.productworld.com, DNS:casinoextra.com, DNS:
americandreamhomeimprovement.com, DNS:timesulin.com, DNS:*.peakfit.com.gt,
DNS:*.myriotravelguide.com, DNS:bunadformenn.info, DNS:habbo.as, DNS:*.
cmonsite.fr, DNS:*.starfishmedia.com, DNS:*.mycareers360.com, DNS:*.

If it is certificate parsing, that might make for an interesting test and
test helper. Neat find.

*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/ooni-dev/attachments/20150108/f6452508/attachment.html>

More information about the ooni-dev mailing list