Skip to content

Commit 20f51ef

Browse files
jshajsha
committed
Merge pull request EFForg#1879 from julianladisch/startcom
[startcom] remove startcom.org and ocsp.startcom, rule and test cleanup
2 parents 446cba2 + fe8704d commit 20f51ef

File tree

1 file changed

+23
-26
lines changed

1 file changed

+23
-26
lines changed

src/chrome/content/rules/StartCom.xml

Lines changed: 23 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -9,49 +9,46 @@
99
<target host="*.startssl.eu" />
1010
<target host="startssl.us" />
1111
<target host="*.startssl.us" />
12-
<target host="startcom.org" />
12+
<!-- host startcom.org responds neither on 80 nor on 443 -->
1313
<target host="*.startcom.org" />
1414

1515
<!-- since these resources are required for establishing HTTPS connections,
16-
they need to be available over HTTP
17-
<Piet> OCSP: URI: http://ocsp.startssl.com/sub/class4/server/ca
18-
<Piet> CA Issuers: URI: http://www.startssl.com/certs/sub.class4.server.ca.crt
19-
<Piet> URI: http://www.startssl.com/crt4-crl.crl
20-
<Piet> URI: http://crl.startssl.com/crt4-crl.crl
21-
(and from the SSL observatory):
22-
http://cert.startcom.org/sfsca-crl.crl
23-
http://crl.startcom.org/sfsca-crl.crl
24-
http://crl.startssl.com/sfsca.crl
25-
http://cert.startcom.org/ca-crl.crl
26-
http://crl.startcom.org/crl/ca-crl.crl
27-
(and from Eddy Nigg):
28-
http://ocsp.startssl.com/*
29-
http://www.startssl.com/certs/*.crt
30-
http://www.startssl.com/*.crl
31-
http://crl.startssl.com/*.crl
32-
http://cert.startcom.org/*.crl
33-
http://cert.startcom.org/*.crt
34-
-->
35-
<exclusion pattern="ocsp\.startcom" />
16+
they need to be available over HTTP -->
17+
<!-- from Piet: -->
18+
<test url="http://ocsp.startssl.com/sub/class4/server/ca" />
19+
<test url="http://www.startssl.com/certs/sub.class4.server.ca.crt" />
20+
<test url="http://www.startssl.com/crt4-crl.crl" />
21+
<test url="http://crl.startssl.com/crt4-crl.crl" />
22+
<!-- and from the SSL observatory: -->
23+
<test url="http://cert.startcom.org/sfsca-crl.crl" />
24+
<test url="http://crl.startcom.org/sfsca-crl.crl" />
25+
<test url="http://crl.startssl.com/sfsca.crl" />
26+
<test url="http://cert.startcom.org/ca-crl.crl" />
27+
<test url="http://crl.startcom.org/crl/ca-crl.crl" />
28+
<!-- and from Eddy Nigg: -->
29+
<test url="http://ocsp.startssl.com/sub/class1/server/ca/a" />
30+
<test url="http://www.startssl.com/certs/sub.class3.server.ca.crt" />
31+
<test url="http://www.startssl.com/crtu1-crl.crl" />
32+
<test url="http://crl.startssl.com/crtu1-crl.crl" />
33+
<test url="http://cert.startcom.org/crtu1-crl.crl" />
34+
<test url="http://cert.startcom.org/sub.class3.server.ca.crt" />
35+
3636
<exclusion pattern="ocsp\.startssl" />
3737
<exclusion pattern="\.crl$" />
3838
<exclusion pattern="\.crt$" />
3939

4040
<!-- should mitigate against exploitation of the above exclusions -->
4141
<securecookie host=".*" name=".*" />
4242

43-
<test url="http://startcom.org/" />
4443
<test url="http://linux.startcom.org/" />
4544
<test url="http://forum.startcom.org/" />
4645

4746
<test url="http://www.startssl.com/" />
48-
<test url="http://auth.startssl.com/" />
47+
<!-- url="http://auth.startssl.com/" host doesn't respond -->
4948
<test url="http://www.startssl.net/" />
5049
<test url="http://www.startssl.org/" />
5150
<test url="http://www.startssl.eu/" />
5251
<test url="http://www.startssl.us/" />
5352

54-
<rule from="^http://startcom\.org/" to="https://www.startcom.org/" />
55-
<rule from="^http://([^/:@\.]*\.)?startssl\.(com|net|org|eu|us)/" to="https://$1startssl.$2/"/>
56-
<rule from="^http://([^/:@\.]*\.)?startcom\.org/" to="https://$1startcom.org/"/>
53+
<rule from="^http:" to="https:" />
5754
</ruleset>

0 commit comments

Comments
 (0)