Github pages 的 HTTPS 是不是出问题了?

2020-03-26 14:14:13 +08:00
 WoodenRobot

所有的 github pages 页面开启 HTTPS 的话证书都变成下面这个了?什么情况?

52286 次点击
所在节点    全球工单系统
333 条回复
littleylv
2020-03-26 14:43:09 +08:00
亲测,不番羽确实那样,番羽了只后不会
Livid
2020-03-26 14:45:12 +08:00
@WoodenRobot 那么 curl 加了 -k 之后能加载出来你网站上本来的内容么?
WoodenRobot
2020-03-26 14:46:31 +08:00
@Livid sorry, 代码块有问题
不能每个回复都有外链, 我把下面我的域名用 xxxx 代替了
$ curl -k -v xxxx
* Rebuilt URL to: xxxx
* Trying 185.199.108.153...
* TCP_NODELAY set
* Connected to xxxx (185.199.108.153) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=SERVER; emailAddress=346608453@qq.com
* start date: Sep 26 09:33:13 2019 GMT
* expire date: Sep 23 09:33:13 2029 GMT
* issuer: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=CA; emailAddress=346608453@qq.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET / HTTP/1.1
> Host: xxxx
> User-Agent: curl/7.54.0
> Accept: */*
xg4
2020-03-26 14:47:02 +08:00
+1 刚刚访问提示网站风险,还以为输错了地址,看了下证书,发现有个 qq 号的邮箱,google qq 号找到这个
liut2016
2020-03-26 14:47:24 +08:00
@Livid #22 可以加载
Windelight
2020-03-26 14:47:33 +08:00
pi@raspberrypi:~ $ curl -k -v https://zongsoft.github.io
* Expire in 0 ms for 6 (transfer 0x1a44770)
-------- Something Similar --------
* Expire in 200 ms for 1 (transfer 0x1a44770)
* Trying 185.199.111.153...
* TCP_NODELAY set
* Expire in 148365 ms for 3 (transfer 0x1a44770)
* Expire in 200 ms for 4 (transfer 0x1a44770)
* Connected to zongsoft.github.io (185.199.111.153) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=SERVER; emailAddress=346608453@qq.com
* start date: Sep 26 09:33:13 2019 GMT
* expire date: Sep 23 09:33:13 2029 GMT
* issuer: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=CA; emailAddress=346608453@qq.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET / HTTP/1.1
> Host: zongsoft.github.io
> User-Agent: curl/7.64.0
> Accept: */*
>

奇怪的是不能加载出任何内容
lovedebug
2020-03-26 14:47:35 +08:00
江苏电信测试结果也是重定向到 185.199.111.153
WoodenRobot
2020-03-26 14:49:01 +08:00
@Livid 国内访问加载不全,只能加载一部分就出现下面内容中断了,国外访问没问题

* LibreSSL SSL_read: SSL_ERROR_SYSCALL, errno 54
* stopped the pause stream!
* Closing connection 0
curl: (56) LibreSSL SSL_read: SSL_ERROR_SYSCALL, errno 54
WoodenRobot
2020-03-26 14:51:21 +08:00
@lovedebug
185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153

上面这些地址都是 GitHub pages 的服务器
AoTmmy
2020-03-26 14:51:24 +08:00
联通复现
caola
2020-03-26 14:54:01 +08:00
我的好几个域名都这样,造成无法访问,持续了大半天时间
hooon
2020-03-26 14:55:50 +08:00
@twoyuan https://i.loli.net/2020/03/25/82TVeI4WkrjS95A.png
我昨天看自己的网站,也发现了这个人的 QQ 邮箱
mcone
2020-03-26 14:57:11 +08:00
怎么感觉是中间人公鸡
LaTero
2020-03-26 14:57:51 +08:00
dns 没问题的,海外 curl --resolve xxx:443:185.199.108.153 xxxps://xxx 可以正常访问。
jiejiss
2020-03-26 14:57:53 +08:00
移动没有复现

TL;DR
issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3;
issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA

* Rebuilt URL to: https://woodenrobot.me/
* Trying 185.199.108.153...
* TCP_NODELAY set
* Connected to woodenrobot.me (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* // ... ...
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=woodenrobot.me
* start date: Feb 2 09:35:52 2020 GMT
* expire date: May 2 09:35:52 2020 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fa13b004400)
> GET / HTTP/2
> Host: woodenrobot.me
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
^C

* Rebuilt URL to: https://zongsoft.github.io/
* Trying 185.199.111.153...
* TCP_NODELAY set
* Connected to zongsoft.github.io (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* // ... ...
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=www.github.com
* start date: Jun 27 00:00:00 2018 GMT
* expire date: Jun 20 12:00:00 2020 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7feb0b000000)
> GET / HTTP/2
> Host: zongsoft.github.io
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
^C
Windelight
2020-03-26 14:58:19 +08:00
这个 ip 地址的确是连接到了 Github 的服务器,美国 GitHub#Fastly,纯真查的,然后这个证书信息有个大概的地址写的是 CN GD SZ COM NSP,QQ 号 346608453,一个哈尔滨大哥
Tomotoes
2020-03-26 15:00:58 +08:00
没有代理时 遇到了同样的问题.
错误是:" FetchEvent.respondWith received an error TypeError: 此服务器的证书无效. 您可能正在连接到一个伪装成"网址"的服务器.

嗯, 提示很明显了.

上了代理就正常了.

hah, 这件事终于要发生了嘛...
xiri
2020-03-26 15:03:26 +08:00
上面你们发的那几个地址加上代理就没有问题,国内直接访问确实证书都存在问题,有人在大范围劫持?中间人攻击?
gz911122
2020-03-26 15:06:15 +08:00
我的也是这样 ,从 google 搜到了这个帖子
SomeBottle
2020-03-26 15:09:38 +08:00
博客上了亚太 cdn 倒是没问题,大陆访问直接就证书错误了...那个 QQ 号看上去也像是顶锅的

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/656367

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX