Rules blocking certificate authorities

[looterz]

I noticed that while using this host file configuration, some certificate authorities were being blocked, so the certificates for twitter and certain other sites could not be verified. Would it be possible to locate and remove those specific rules, as it poses a security concern to users.

[StevenBlack]

Hi @looterz, which specific CAs are blocked?

[looterz]

Twitter's "Symantec Class 3 EV SSL CA - G3" is the one I wasn't able to verify with the hosts file installed, Chrome said it could not verify the issuer.

[FadeMind]

@StevenBlack @looterz I can't reproduce this issue. Twitter cert working as expected.
I using hosts from @StevenBlack too.

[looterz]

Yeah nevermind, re-updating the lists and reinstalling the host file fixed it, it must have been an issue with an older revision of one of the lists and got fixed already.

[looterz]

Updated hosts file again (all sources), flushed the dns cache in windows and the issue cropped back up. Removing the hosts file and re-flushing fixed the issue. The warning in chrome is that it cannot verify whether or not the certificate has been revoked on site's using symantec certs.

[StevenBlack]

@looterz Christian I'd love to help you, but I need to know the domain that's blocked for you. I can't troubleshoot this because I'm not a Windows user, and I'm not having any certificate issues.

[looterz]

@StevenBlack Thanks for watching the issue, the domain I notice the most that has issues verifying the cert is twitter, but I have seen others. Windows 10 x64, All host sources, flushing cache between updates.

[StevenBlack]

@looterz well twitter.com isn't blocked. These are the Twitter domains currently blocked:

0.0.0.0 analytics.twitter.com
0.0.0.0 urls.api.twitter.com
0.0.0.0 p.twitter.com
0.0.0.0 scribe.twitter.com

What I need to know is, what certificate-validation domain is being blocked here?