7b0f6b042e871ade186062f9eae2ffb9377d1e12
_Footer.md
... | ... | @@ -1 +1 @@ |
1 | -Hosted by: [mortzu](mailto:[email protected]), [xuu](mailto:[email protected]) | Accessible via: [Internet](https://dn42.net/), [dn42](https://internal.dn42), [tor](http://jsptropkiix3ki5u.onion), [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) |
|
... | ... | \ No newline at end of file |
0 | +Hosted by: [mortzu](mailto:[email protected]), [xuu](mailto:[email protected]) | Accessible via: [dn42](http://internal.dn42), [tor](http://jsptropkiix3ki5u.onion), [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) |
|
... | ... | \ No newline at end of file |
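Review bot: the dn42 link in the new footer line changes from `https://internal.dn42` to `http://internal.dn42`, a scheme downgrade that nothing in this change explains. If the intent was only to drop the Internet mirror, keep the `https` scheme on the dn42 entry; if the downgrade is deliberate, state the reason in the commit message. The file also still ends without a trailing newline.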
services/Certificate-Authority.md
... | ... | @@ -50,18 +50,18 @@ which will show among other things: |
50 | 50 | |
51 | 51 | The following sites have been set up to demonstrate the CA failing to sign arbitrary domains: |
52 | 52 | |
53 | -* [badkey.sour.is](https://badkey.sour.is) |
|
54 | -* [badkey.xuu.me](https://badkey.xuu.me) |
|
55 | -* [badkey.xuu.dn42](https://badkey.xuu.dn42) |
|
53 | +* [badkey.sour.is](https://badkey.sour.is) - Host is in HSTS preload with key pinning. The browser should fail because the keypin does not match. |
|
54 | +* [badkey.xuu.me](https://badkey.xuu.me) - Hostname is outside of domain allowed list. |
|
55 | +* [badkey.internal.dn42](https://badkey.internal.dn42) - Valid hostname and keypinned. But certificate contains bad subject alternate names. |
|
56 | 56 | |
57 | 57 | They all use the same certificate, that should be regarded invalid by whatever software you use because of |
58 | 58 | ``` |
59 | + Subject: CN=badkey.sour.is |
|
60 | +[...] |
|
59 | 61 | X509v3 Subject Alternative Name: |
60 | - DNS:badkey.internal.dn42, DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:google.com, DNS:*.com, DNS:*.* |
|
61 | - |
|
62 | + DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:badkey.xuu.dn42, DNS:* |
|
62 | 63 | |
63 | 64 | ``` |
64 | -even though the subject says `CN=badkey.internal.dn42`, which would be allowed. |
|
65 | 65 | |
66 | 66 | ## Importing the certificate |
67 | 67 |
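Review bot: the third new bullet and the updated certificate dump disagree on the dn42 hostname. The bullet links `badkey.internal.dn42` and describes it as a valid hostname, while the new SAN line lists `DNS:badkey.xuu.dn42` and the new Subject is `CN=badkey.sour.is`, so `badkey.internal.dn42` no longer appears by name anywhere in the dump. Since the text still says all three sites use the same certificate, either the bullet or the dump should be corrected so that the stated failure reason (bad subject alternative names on an otherwise valid name) matches what is shown. With the closing sentence removed, "because of" now leads into the dump without saying which entry is the offending one; a short line naming `DNS:*` would restore that.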