Bug 7841 - misconfigured redirect for https://www.spamassassin.org/
Summary: misconfigured redirect for https://www.spamassassin.org/
Status: NEW
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Website/Infrastructure (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-16 04:36 UTC by Noah Meyerhans
Modified: 2020-07-16 21:40 UTC (History)
1 user (show)



Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Noah Meyerhans 2020-07-16 04:36:07 UTC
http://www.spamassassin.org redirects to http://spamassassin.apache.org/ as expected. However, https://www.spamassassin.org/ does not. Instead, it presents a cert with CN=*.openoffice.org and serves the https://www.openoffice.org/ site content. I'd expect the https site to behave like the http site and redirect to https://spamassassin.apache.org/

$ curl -I http://www.spamassassin.org/                                                                              9:28PM; 0 jobs; 0
HTTP/1.1 301 Moved Permanently
Date: Thu, 16 Jul 2020 04:30:03 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: http://spamassassin.apache.org/
Content-Type: text/html; charset=iso-8859-1

$ curl -k -I https://www.spamassassin.org/ 
HTTP/1.1 200 OK
Date: Thu, 16 Jul 2020 04:30:32 GMT
Server: Apache/2.4.18 (Ubuntu)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html

$ openssl s_client -connect https://www.spamassassin.org/
139877482083584:error:2008F002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/b_addr.c:726:Servname not supported for ai_socktype
connect:errno=0
$ openssl s_client -connect www.spamassassin.org:443    
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = *.openoffice.org
verify return:1
...

$ elinks -dump https://www.spamassassin.org/
   Language: [1][ _____________________________ ]
   [2]Apache OpenOffice
   [3]_____________________ [4][ search ]
   The Free and Open Productivity Suite
   [5]Apache OpenOffice 4.1.7 released

     • [6]Product
     • [7]Download
     • [8]Support
     • [9]Blog
     • [10]Extend
     • [11]Develop
     • [12]Focus Areas
     • [13]Native Language

   [14]home

                               Apache OpenOffice

     • ═══════════════════════════════════════════════════════════════════════

     • [15]I want to learn more about OpenOffice

       What is Apache OpenOffice? And why should I use it?
...
Comment 1 Kevin A. McGrail 2020-07-16 21:40:13 UTC
Thank you.  I've opened a ticket for this issue as we don't handle the infrastructure.  See https://issues.apache.org/jira/browse/INFRA-20528