Comments (7)
@RichardoC thanks for reporting this, I'm having trouble reproducing it though.
from osv.dev.
@RichardoC Given you changed the title, I wonder if step 3 of your reproduction needs to be edited as well? If I'm reading correctly, it sounds like the problems were all within google.github.io, which is GitHub serving infrastructure. I wonder if it had a temporary glitch?
from osv.dev.
Here's a video of the issue, I suspect it's just that the URL for the FAQ's is wrong
Screencast from 16-11-23 23:20:00.webm
from osv.dev.
Thanks for the screencast, that helped surface the additional detail of Firefox being the browser.
This is looking to me like some sort of browser certificate pinning error, because for me with Chrome, I'm seeing everything to be in order, and based on the failure message I'm seeing, the certificate being expected by your browser is a Google certificate, but this site is a *.github.io site.
Would you mind trying this with a totally fresh Firefox browser profile or (I think Firefox calls it "Private Browsing" window?)
from osv.dev.
This is what I'm seeing with Chrome, and doesn't look like what you're seeing with Firefox:
$ echo | openssl s_client -showcerts -servername google.github.io -connect google.github.io:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f:
a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af:
ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24:
29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09:
23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a:
5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed:
f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99:
4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77:
c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2:
38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3:
f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57:
77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee:
3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76:
b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1:
95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f:
43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97:
2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07:
24:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD:
F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24:
D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25:
A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53:
A4:D8:EF:86:C7:5C:70:1A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7:
09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3:
74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A:
04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37:
AB:35:8B:24:23:B9:2B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09:
BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45:
49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98:
13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E:
4F:4E:1C:82:A5:B3
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08:
1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79:
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22:
8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37:
4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0:
4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43:
64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef:
4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c:
f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a:
fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da:
33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08:
e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8:
28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96:
d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75:
27:d0:e3:df
from osv.dev.
Good news, this seems to be working now! My guess is there was some kind of DNS issue, because this is now correctly pointing to a Github server rather than a Google one.
https://www.shodan.io/host/185.199.109.153
from osv.dev.
Most strange. I'd love to know what it was pointing at when you were experiencing the errors...
from osv.dev.
Related Issues (20)
- Bisection should not produce zero-length commit ranges HOT 1
- Improve the UX of failed vulnerability retrieval by the API
- Can't get Content-Length info with HEAD request HOT 4
- Show ecosystem case in osv.dev
- Data quality issue with GHSA-9wx4-h78v-vm56 HOT 3
- Advisories from GuardDog HOT 2
- Calculate and display the CVSS base score
- Make it possible to visually evaluate a list of vulnerabilities by severity
- Update material web components to 1.0
- Replace pipenv with a better dependency management tool HOT 5
- API: query vulnerabilities HOT 1
- Error importing osv in Python 3.9 HOT 2
- Include Alpine and Debian security tracker links to vulnerability `references` on OSV.dev HOT 1
- Data quality issue with CVE-2024-32760 (Alpine security tracker related) HOT 1
- Display the correct affected versions when filtering by ecosystem
- combine-to-osv: Include the CWE(s) from the underlying CVE in the resultant OSV record HOT 3
- Support commit enumeration on pathologically large repositories
- Advisories deleted from REST sources not being marked as withdrawn
- Request for Lowercase ( even Space-Free ) Abbreviation for Query API Eco Name HOT 4
- GitHub Actions version matching HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from osv.dev.