785927 – Incorrect HTTPS SSL Certificate for download.fedora.redhat.com

Bug 785927 - Incorrect HTTPS SSL Certificate for download.fedora.redhat.com

Summary: Incorrect HTTPS SSL Certificate for download.fedora.redhat.com

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-30 22:07 UTC by gdestuynder
Modified:	2012-02-20 18:30 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-01-31 08:46:07 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description gdestuynder 2012-01-30 22:07:31 UTC

Hopefully this is the proper bug-product, as none would exactly match.

https://download.fedora.redhat.com SSL certificate common name is *.fedoraproject.org, which is of course invalid.

This is therefore a security issue, as one would have to trust the wildcard that points to fedoraproject, where all sites are probably not managed by RedHat.
(That's also why all browsers will produce an error/warning when hitting that URL)

Thanks!

Comment 1 Tomas Hoger 2012-01-31 08:46:07 UTC

-> https://fedorahosted.org/fedora-infrastructure/ticket/3118

Comment 2 Tomas Hoger 2012-02-20 18:30:51 UTC

(In reply to comment #1)
> -> https://fedorahosted.org/fedora-infrastructure/ticket/3118

Ticket got resolved by removing obsolete download.fedora.redhat.com alias:
https://fedorahosted.org/fedora-infrastructure/ticket/3118#comment:3
http://scrye.com/wordpress-mu/nirik/2012/02/20/please-update-your-links-download-fedora-redhat-com-dl-fedoraproject-org/

Note You need to log in before you can comment on or make changes to this bug.