我先获取 GitHub 的 ip:
> nslookup github.com 8.8.8.8
Server: dns.google
Address: 8.8.8.8
Name: github.com
Address: 13.229.188.59
这个 ip 是没问题的,位于新加坡的 Amazon,应该是个 CDN
然后测试证书:
$ openssl s_client -showcerts -servername github.com -connect 13.229.188.59:443
CONNECTED(00000005)
depth=1 C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = 346608453@qq.com
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER, emailAddress = 346608453@qq.com
i:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = 346608453@qq.com
省略……
就是那个诡异的 QQ 号证书。
我再找个 cloudflare 的 ip 试试( GitHub 没有使用 cloudflare 的 CDN )
$ host v2ex.com
v2ex.com has address 104.20.9.218
v2ex.com has address 104.20.10.218
v2ex.com has IPv6 address 2606:4700:10::6814:ada
v2ex.com has IPv6 address 2606:4700:10::6814:9da
同样测试证书,SNI 为 github.com ,没有被劫持:
$ openssl s_client -showcerts -servername github.com -connect 104.20.9.218:443
CONNECTED(00000005)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
verify return:1
depth=0 CN = ssl509603.cloudflaressl.com
verify return:1
---
Certificate chain
0 s:CN = ssl509603.cloudflaressl.com
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
-----BEGIN CERTIFICATE-----
省略……
各位怎么看?
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.