Skip to content
This repository has been archived by the owner on Jun 10, 2020. It is now read-only.

Bad bug with logic around bad certificate chains #224

Merged
merged 13 commits into from
Jun 15, 2015
Merged

Bad bug with logic around bad certificate chains #224

merged 13 commits into from
Jun 15, 2015

Conversation

konklone
Copy link
Contributor

My logic that checked to see if a domain was using a bad certificate chain (which indicates the site is using HTTPS, even if it's not fully valid) failed to also make sure the domain's cert wasn't also using a bad hostname (which indicates the site is not using HTTPS, whether or not the chain is good).

The fix is in 52f82ef, which brings the number of sites that Use HTTPS down from 381 to 328, out of 1,194 domains. That goes from 31.9% to 27.4%, a loss of 4.5%, which makes the big number go from 32 to 27.

A mild silver lining is that a few of those domains actually do use HTTPS, and fixing this bug revealed a smaller bug afflicting those. Fixing that should at least bring this up to something that rounds to 28%, and since the site is currently at 31% (before deploying #221), we can limit the visual damage to 3%. I'm also in the middle of a scan of the last week since #221, which I'm hoping will lead to greater uptake.

I think the result of all this should be a part of the site, maybe part of the /about/ page, which has some prose or a list mentioning methodology changes and some progress milestones, for transparency about the changes.

Downstream of #223, which should be merged first.

konklone and others added 13 commits May 30, 2015 17:32
@konklone
refactor csv saver into own method, prepare labels
7477235
@konklone
first pass at a CSV, but I'm not sure this is helpful after all
9dcac9b
@konklone
Merge branch 'master' into csv
9163d8d
@konklone
Merge branch 'master' into csv
f2de6f8
@konklone
rename data script
5105ba4
@konklone
Merge branch 'update-2015-06-07' into csv
0dea1b5
@konklone
generate CSVs with the same display mapping as the table
61db60a
@konklone
First generation of downloadable CSVs.
e596af6
@konklone
make a datatables plugin for a CSV download and style it a bit
7e60101
@konklone
generate CSVs that match the tables
75d7e6e
@konklone
Merge branch 'update-2015-06-07' into csv
75599cb
@konklone
remove the asterisk from bad chains
29aea88
@konklone
Bug: Was saying sites used HTTPS if they had both a bad chain/name.
52f82ef 
This means ~50 domains go from Yes to No, taking it from 32 to 27%.
~5 of these should still be Yes, but are No because of other bugs
that are now revealed by removing the other bug that masked it.
@konklone konklone mentioned this pull request Jun 13, 2015
Merged
@juliaelman
Copy link
Member

Good catch! Adding a new issue to update /about/ to outline these changes and inform the user.

juliaelman pushed a commit that referenced this pull request Jun 15, 2015
Merge pull request #224 from 18F/bad-chain-bug
1f611cf 
Bad bug with logic around bad certificate chains
@juliaelman juliaelman merged commit 1f611cf into master Jun 15, 2015
@juliaelman juliaelman deleted the bad-chain-bug branch June 15, 2015 03:03
@juliaelman juliaelman mentioned this pull request Jun 15, 2015
Closed
This was referenced Jun 15, 2015
Merged
Merged
@konklone konklone mentioned this pull request Aug 17, 2016
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@konklone @juliaelman