[tor-bugs] #9734 [EFF-HTTPS Everywhere]: DreamHost CA, CRL and OCSP broken

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 14 10:24:42 UTC 2013


#9734: DreamHost CA, CRL and OCSP broken
----------------------------------+---------------------
 Reporter:  mnordhoff             |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  EFF-HTTPS Everywhere  |        Version:
 Keywords:  httpse-ruleset-bug    |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------
 DreamHost-issued SSL certificates include CA, CRL and OCSP URLs broken by
 the DreamHost ruleset, which rewrites almost all dreamhost.com subdomains.

 Example page with such a cert:

 https://panel.dreamhost.com/

 Example URLs affected, from that cert:

 http://crl.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crl
 http://crt.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crt
 http://ocsp.dreamhost.com (which is an OCSP server, natch)

 Aside from their control panel, it also affects their object storage
 service (https://objects.dreamhost.com/), which is more user-facing, and I
 suspect it could affect certs issued to users.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9734>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
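
Added example, not part of the ticket or of the HTTPS Everywhere code base: a regression check that lists the certificate CRL, issuer and OCSP URLs a ruleset would rewrite. The ruleset objects are constructed stand-ins (the real DreamHost ruleset is not shown on this page), and the exclusion pattern is a hypothetical fix.

```javascript
// Constructed stand-in for an HTTPS Everywhere ruleset (NOT the real DreamHost
// ruleset): target hosts, exclusion patterns, and from/to rewrite rules.
const broadRuleset = {
  name: "Example wildcard ruleset (constructed)",
  targets: ["dreamhost.com", "*.dreamhost.com"],
  exclusions: [],
  rules: [{ from: "^http://([^/:@.]+\\.)?dreamhost\\.com/", to: "https://$1dreamhost.com/" }],
};

// Same ruleset with the certificate-infrastructure hosts excluded (hypothetical fix).
const fixedRuleset = {
  ...broadRuleset,
  exclusions: ["^http://(crl|crt|ocsp)\\.dreamhost\\.com/"],
};

// Match a host against a target, supporting a leading "*." wildcard.
function targetMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Return the rewritten URL, or null if the ruleset leaves the URL alone.
function applyRuleset(ruleset, url) {
  const u = new URL(url);
  const normalized = u.href; // adds the trailing "/" to bare-host URLs
  if (!ruleset.targets.some((t) => targetMatches(t, u.hostname))) return null;
  if (ruleset.exclusions.some((p) => new RegExp(p).test(normalized))) return null;
  for (const { from, to } of ruleset.rules) {
    const re = new RegExp(from);
    if (re.test(normalized)) return normalized.replace(re, to);
  }
  return null;
}

// List the revocation/issuer URLs a ruleset would rewrite.
function rewrittenPkiUrls(ruleset, urls) {
  return urls.filter((url) => applyRuleset(ruleset, url) !== null);
}

// URLs quoted in the ticket above.
const pkiUrls = [
  "http://crl.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crl",
  "http://crt.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crt",
  "http://ocsp.dreamhost.com",
];

console.log("broad:", rewrittenPkiUrls(broadRuleset, pkiUrls));
console.log("fixed:", rewrittenPkiUrls(fixedRuleset, pkiUrls));
```

With the constructed wildcard rule all three URLs are rewritten to https; with the exclusion in place none are, while other subdomains such as panel.dreamhost.com are still upgraded.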

