```
* Adding handle: conn: 0x7fdc20804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fdc20804000) send_pipe: 1, recv_pipe: 0
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to pbs.twimg.com port 443 (#0)
* Trying 117.18.237.139...
* Connected to pbs.twimg.com (117.18.237.139) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_RC4_128_SHA
* Server certificate: *.twvid.com
* Server certificate: DigiCert High Assurance CA-3
* Server certificate: DigiCert High Assurance EV Root CA
> GET /media/Bxm_lleCIAAM7vR.png:large HTTP/1.0
> User-Agent: curl/7.30.0
> Host: pbs.twimg.com
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Accept-Ranges: bytes
< content-md5: PnKhVEc3XU6GD9Z3RTNv7Q==
< Content-Type: image/png
< Date: Tue, 16 Sep 2014 10:37:44 GMT
< Etag: "PnKhVEc3XU6GD9Z3RTNv7Q=="
< expires: Tue, 23 Sep 2014 10:37:44 GMT
< Last-Modified: Mon, 15 Sep 2014 23:00:04 GMT
< Server: ECS (nrt/398F)
< Vary: Accept-Encoding
< X-Cache: HIT
< X-Content-Type-Options: nosniff
< Content-Length: 27898
< Connection: close
<
{ [data not shown]
100 27898 100 27898 0 0 148k 0 --:--:-- --:--:-- --:--:-- 148k
* Closing connection 0
```
well, nevermind
RFC 2818 says:
If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.
source: https://bugzilla.mozilla.org/show_bug.cgi?id=369112#c2
In our case:
X509v3 Subject Alternative Name:
DNS:*.twvid.com, DNS:twvid.com, DNS:si0.twimg.com, DNS:gu.twimg.com, DNS:g2.twimg.com, DNS:v.cdn.vine.co, DNS:mtc.cdn.vine.co, DNS:cdn.api.twitter.com, DNS:platform.twitter.com, DNS:preview.cdn.twitter.com, DNS:p.twimg.com, DNS:o.twimg.com, DNS:si1.twimg.com, DNS:si2.twimg.com, DNS:si3.twimg.com, DNS:si4.twimg.com, DNS:si5.twimg.com, DNS:cdn-dev.api.twitter.com, DNS:pbs.twimg.com, DNS:jp.twimg.com, DNS:abs.twimg.com, DNS:hca.twimg.com, DNS:ea.twimg.com, DNS:widgets.twimg.com, DNS:cdn.syndication.twimg.com, DNS:dnt.twimg.com, DNS:g.twimg.com, DNS:widgets.platform.twitter.com, DNS:ton.twimg.com, DNS:v.twimg.com, DNS:vmtc.twimg.com, DNS:tailfeather.twimg.com, DNS:ma.twimg.com, DNS:status.twitter.com, DNS:cdn.syndication.twitter.com, DNS:cdn.digits.com, DNS:video.twimg.com, DNS:pbs-ec.twimg.com
*.twvid.com vs pbs.twimg.com? Shouldn't this fail? What am I missing? twvid vs twimg
I would expect this to work only if
Server certificate: *.twimg.com (notice the img not vid). But maybe I don't understand how certificates work... Any corrections/help is appreciated.
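
The RFC 2818 rule quoted above, as an added example that is not part of the original gist or its comments: when a certificate carries dNSName SAN entries, only those are matched and the Common Name is ignored, which is why pbs.twimg.com verifies against a certificate displayed as *.twvid.com. The function names are hypothetical, the SAN list is a subset of the one shown above, and the wildcard handling (whole left-most label only) is a simplifying assumption.

```python
# Added example: RFC 2818 identity selection (dNSName SAN first, CN as fallback).
# Function names are hypothetical; wildcard handling is a simplification:
# '*' is accepted only as the entire left-most label and covers one label.

PAGE_CN = "*.twvid.com"   # the name curl printed for the server certificate
PAGE_SAN = [              # subset of the SAN list shown above
    "*.twvid.com", "twvid.com", "si0.twimg.com",
    "pbs.twimg.com", "video.twimg.com",
]

def name_matches(pattern, host):
    """Compare one presented name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans several labels
    if p[0] == "*":
        # refuse over-broad patterns such as '*.com' and empty first labels
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def verify_hostname(host, subject_cn, san_dns):
    """Return (ok, reason). Any dNSName SAN makes the CN irrelevant."""
    if san_dns:
        for name in san_dns:
            if name_matches(name, host):
                return True, "SAN dNSName " + name
        return False, "no SAN dNSName matched; CN ignored"
    if subject_cn and name_matches(subject_cn, host):
        return True, "Subject CN " + subject_cn
    return False, "CN did not match"

if __name__ == "__main__":
    for host in ("pbs.twimg.com", "www.twimg.com", "foo.twvid.com"):
        print(host, verify_hostname(host, PAGE_CN, PAGE_SAN))
    # Same certificate with the SAN extension stripped: CN alone fails.
    print(verify_hostname("pbs.twimg.com", PAGE_CN, []))
```
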