https://sourceof.net/ incorrect X.509 certificate #189

Open
KalleOlaviNiemitalo opened this issue Jun 12, 2023 · 7 comments

Comments

@KalleOlaviNiemitalo

https://sourceof.net/ used to redirect to https://referencesource.microsoft.com/, but it now returns a certificate that is not valid for sourceof.net. According to its X509v3 Subject Alternative Name extension, the certificate is only valid for *.oneroute.microsoft.com and oneroute.microsoft.com.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:ad:23:7d:08:88:dc:2b:ee:99:c8:34:00:00:00:ad:23:7d
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C = US, O = Microsoft Corporation, CN = Microsoft Azure TLS Issuing CA 01
        Validity
            Not Before: May 24 10:48:49 2023 GMT
            Not After : May 18 10:48:49 2024 GMT
        Subject: C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.oneroute.microsoft.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : May 24 10:59:44.766 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:9F:79:B5:C1:7F:81:D0:0C:8F:30:EB:
                                0B:B9:DA:05:C3:FD:B5:B2:5F:5A:B4:EB:90:DC:0E:7B:
                                34:88:49:84:70:02:21:00:D9:72:B0:D9:ED:55:13:27:
                                57:5D:38:DF:C7:91:FB:2F:4F:79:B9:FD:C6:6B:C8:F2:
                                02:EA:32:96:F9:0B:D6:92
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : May 24 10:59:44.733 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:E5:FB:78:BD:A7:DF:B6:E9:2E:C8:20:
                                56:9F:BB:9C:51:5E:36:F0:35:C2:C8:E9:58:64:26:84:
                                47:F6:34:66:7A:02:21:00:9F:82:23:CF:0B:0F:A0:74:
                                0F:F7:B8:2B:E2:AC:9A:36:56:02:47:9D:B5:A7:10:9A:
                                C2:9F:2B:BC:43:27:BD:EC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : May 24 10:59:44.684 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:E5:ED:39:A8:59:47:1D:FE:98:A8:4E:
                                FB:02:90:2D:1B:73:1E:25:B7:56:62:25:9C:DC:00:5B:
                                46:5E:90:6E:15:02:21:00:88:4B:C8:E0:80:EE:78:1F:
                                B9:77:52:58:D8:46:37:7D:1E:49:74:69:78:F0:FB:40:
                                05:AF:7F:72:47:DF:0D:DE
            1.3.6.1.4.1.311.21.10:
                0.0
..+.......0
..+.......
            1.3.6.1.4.1.311.21.7:
                0-.%+.....7.........F...........]...i...>..d..&
            Authority Information Access:
                CA Issuers - URI:http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2001%20-%20xsign.crt
                OCSP - URI:http://oneocsp.microsoft.com/ocsp

            X509v3 Subject Key Identifier:
                1D:A8:FD:F0:7C:0A:EC:6D:D5:4D:E0:23:67:CF:9E:62:80:0C:57:48
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:*.oneroute.microsoft.com, DNS:oneroute.microsoft.com
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2001.crl

            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.311.76.509.1.1
                  CPS: http://www.microsoft.com/pkiops/Docs/Repository.htm
                Policy: 2.23.140.1.2.2

            X509v3 Authority Key Identifier:
                keyid:0F:20:5D:D7:A1:57:95:DB:92:CF:2B:D0:C7:C2:77:04:CE:72:80:76

            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
    Signature Algorithm: sha384WithRSAEncryption
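The name check that fails here, as an added example that is not part of the original issue: it reads the Subject Alternative Name line out of the `openssl x509 -text` dump above and applies RFC 6125 style matching to a host name. The function names are hypothetical, and the embedded excerpt is copied from the dump in this issue.

```python
import re

# Excerpt of the `openssl x509 -text` output quoted in the issue above.
CERT_TEXT = """\
        Subject: C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.oneroute.microsoft.com
            X509v3 Subject Alternative Name:
                DNS:*.oneroute.microsoft.com, DNS:oneroute.microsoft.com
            X509v3 Basic Constraints: critical
                CA:FALSE
"""


def san_dns_names(text):
    """Return the DNS entries of the Subject Alternative Name extension."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", text)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e[4:].lower() for e in entries if e.startswith("DNS:")]


def name_matches(pattern, host):
    """Match one SAN dNSName against a host name, RFC 6125 style."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Only a whole leftmost label may be a wildcard; partial
        # wildcards such as "f*" are treated as literals here.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def host_is_covered(text, host):
    """True if any SAN dNSName in the dump covers `host`.

    The Subject CN is deliberately ignored: RFC 6125 says it must not
    be checked when the certificate carries SAN dNSName entries.
    """
    return any(name_matches(n, host) for n in san_dns_names(text))


if __name__ == "__main__":
    for h in ("sourceof.net", "oneroute.microsoft.com",
              "a.oneroute.microsoft.com", "a.b.oneroute.microsoft.com"):
        print(h, host_is_covered(CERT_TEXT, h))
```
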
@KalleOlaviNiemitalo
Author

Reproduces with Mozilla Firefox 102.12.0esr, and with Microsoft Edge 114.0.1823.41.

@KalleOlaviNiemitalo
Author

Reported to refsrcfeedback@microsoft.com as well.

@mairaw
Member

mairaw commented Jun 12, 2023

@terrajobst @ChrisSfanos do you know who handles the certificates for that site sourceof.net?

@ChrisSfanos
Member

Unfortunately no. And double bummer, it's not one of the two sites we are taking ownership of.

@terrajobst
Member

I believe I bought that domain a long time ago, even before we did .NET Core and transferred that domain to Microsoft. I was sure @ChrisSfanos would know about it.

@richlander any idea who else would know about this?

@ChrisSfanos
Member

So I know about the domain, but I can't find any record of the certificate (I checked and I couldn't find anything in SSLAdmin), which is what I was hunting for.

@KalleOlaviNiemitalo
Author

Now I'm not sure whether the site ever had a certificate for sourceof.net. The announcement at https://devblogs.microsoft.com/dotnet/how-your-feedback-is-shaping-net/ links to http://sourceof.net/ (which works fine, no HSTS) rather than https://sourceof.net/.

4 participants