-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rules blocking certificate authorities #62
Comments
Hi @looterz, which specific CAs are blocked? |
Twitter's "Symantec Class 3 EV SSL CA - G3" is the one I wasn't able to verify with the hosts file installed, Chrome said it could not verify the issuer. |
@StevenBlack @looterz I can't reproduce this issue. Twitter cert working as expected. |
Yeah nevermind, re-updating the lists and reinstalling the host file fixed it, it must have been an issue with an older revision of one of the lists and got fixed already. |
Updated hosts file again (all sources), flushed the dns cache in windows and the issue cropped back up. Removing the hosts file and re-flushing fixed the issue. The warning in chrome is that it cannot verify whether or not the certificate has been revoked on site's using symantec certs. |
@looterz Christian I'd love to help you, but I need to know the domain that's blocked for you. I can't troubleshoot this because I'm not a Windows user, and I'm not having any certificate issues. |
@StevenBlack Thanks for watching the issue, the domain I notice the most that has issues verifying the cert is twitter, but I have seen others. Windows 10 x64, All host sources, flushing cache between updates. |
@looterz well twitter.com isn't blocked. These are the Twitter domains currently blocked:
What I need to know is, what certificate-validation domain is being blocked here? |
I noticed that while using this host file configuration, some certificate authorities were being blocked, so the certificates for twitter and certain other sites could not be verified. Would it be possible to locate and remove those specific rules, as it poses a security concern to users.
The text was updated successfully, but these errors were encountered: