Last active
January 17, 2023 01:18
Revisions
-
tomac4t created this gist
Jan 1, 1970 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,787 @@ # Github MITM ## openssl ```bash $ openssl s_client -connect pages.github.com:443 -showcerts CONNECTED(00000003) depth=1 C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] verify error:num=19:self signed certificate in certificate chain verify return:1 depth=1 C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] verify return:1 depth=0 C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER, emailAddress = [email protected] verify return:1 --- Certificate chain 0 s:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER, emailAddress = [email protected] i:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] -----BEGIN CERTIFICATE----- MIIB4TCCAYcCFDjGwZUOfrr1+SWHR5GxJ/rwXsHZMAoGCCqGSM49BAMCMHExCzAJ BgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoMA0NP TTEMMAoGA1UECwwDTlNQMQswCQYDVQQDDAJDQTEfMB0GCSqGSIb3DQEJARYQMzQ2 NjA4NDUzQHFxLmNvbTAeFw0xOTA5MjYwOTMzMTNaFw0yOTA5MjMwOTMzMTNaMHUx CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoM A0NPTTEMMAoGA1UECwwDTlNQMQ8wDQYDVQQDDAZTRVJWRVIxHzAdBgkqhkiG9w0B CQEWEDM0NjYwODQ1M0BxcS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASJ 27aMaVclvmdT8m6l98K999FM4dYTg4ag0627S2bxbLYHyLdQ0jqay5kA9KCF9Ucw uzcqtTrNERlLIsxDGkLjMAoGCCqGSM49BAMCA0gAMEUCIH1+jEiQTVA+siP2g9kw ITFZZINVKyET48788OSCLK1hAiEA+c5bJvnrdtZ1rbsLXJWtglkXSeBaHy5Wdt7w dGc7McM= -----END CERTIFICATE----- 1 s:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] i:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] -----BEGIN CERTIFICATE----- MIICNzCCAd2gAwIBAgIUD6UJah0ReDrJIuxhqrTa0CAAbAMwCgYIKoZIzj0EAwIw cTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEMMAoGA1UE CgwDQ09NMQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMR8wHQYJKoZIhvcNAQkB FhAzNDY2MDg0NTNAcXEuY29tMB4XDTE5MDkyNjA5MzIzN1oXDTI5MDkyMzA5MzIz N1owcTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEMMAoG A1UECgwDQ09NMQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMR8wHQYJKoZIhvcN AQkBFhAzNDY2MDg0NTNAcXEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE qZ26n2ml6hcyf+NS0TP8PSZ1qlFzUb/tpr6Wb6zE9cSzkGOXej0ddI3sNvq/bLzk LLvaQLEzaIFyRDY6fcSQ36NTMFEwHQYDVR0OBBYEFKv8Ri5sjN4WZoaWvK/h9Yf+ zhVyMB8GA1UdIwQYMBaAFKv8Ri5sjN4WZoaWvK/h9Yf+zhVyMA8GA1UdEwEB/wQF MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANFUxlZxx3dfmxEu1I0huK9eY/IPl6Xz AsUXUQZN2QPXAiACddgQK7I4I86sjPwjCMafPES9LkV/whcFV60LlAftaQ== -----END CERTIFICATE----- --- Server certificate subject=C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER, emailAddress = [email protected] issuer=C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1498 bytes and written 401 bytes Verification error: self signed certificate in certificate chain --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 2274C4FEC5091D20AF8A4B88392E16F5EFE28D1EADC9EEC3DB17F9C6052B796F Session-ID-ctx: Master-Key: A53CC610A4F028A191673F6D747B058D85ED2E54DAE688F22D622313612CF8202285453D9418FCA167D35C5DCF20FB3D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 72 b4 ef e8 0a d4 24 25-9a f8 96 27 b2 26 7b 28 r.....$%...'.&{( 0010 - ca 11 e0 18 15 4f cd 45-a8 1c 59 45 26 35 13 88 .....O.E..YE&5.. 0020 - a1 18 27 60 2a 0d 29 3e-a0 61 ce d1 0f c6 6a 63 ..'`*.)>.a....jc 0030 - d6 71 4b 4e 03 1f e1 d0-2e ed 3f 23 e7 c9 ee 7d .qKN......?#...} 0040 - cb 87 75 0a 11 5a ca a8-dc b9 7c 58 19 ce 8b c9 ..u..Z....|X.... 0050 - 21 d6 a6 23 9d 71 80 04-d4 02 1c 2c 31 88 25 71 !..#.q.....,1.%q 0060 - 4e 83 51 ff 3d 3e c7 54-f2 c9 61 83 e0 a6 49 4f N.Q.=>.T..a...IO 0070 - ce 41 60 74 98 0e 9a 47-45 ea d9 db 81 98 c8 6a .A`t...GE......j 0080 - 38 72 25 e5 37 48 44 e3-64 61 3a 5e 24 46 84 42 8r%.7HD.da:^$F.B 0090 - a3 f0 93 9d 5c 2c 33 f3-68 15 8a 7b 86 eb 44 27 ....\,3.h..{..D' Start Time: 1585217626 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain) Extended master secret: yes --- ^C ``` ## curl ```bash $ curl -v https://pages.github.com/ * Trying 185.199.108.153:443... * Connected to pages.github.com (185.199.108.153) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate in certificate chain * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. ``` ```bash $ curl -v https://pages.github.com/ -k * Trying 185.199.109.153:443... * Connected to pages.github.com (185.199.109.153) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=SERVER; [email protected] * start date: Sep 26 09:33:13 2019 GMT * expire date: Sep 23 09:33:13 2029 GMT * issuer: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=CA; [email protected] * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > GET / HTTP/1.1 > Host: pages.github.com > User-Agent: curl/7.69.1 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Connection: keep-alive < Content-Length: 14770 < Server: GitHub.com < Content-Type: text/html; charset=utf-8 < Last-Modified: Fri, 28 Feb 2020 19:30:14 GMT < ETag: "5e596a46-39b2" < Access-Control-Allow-Origin: * < Expires: Sun, 22 Mar 2020 05:36:10 GMT < Cache-Control: max-age=600 < X-Proxy-Cache: MISS < X-GitHub-Request-Id: D4D8:0B19:1A847A:1D9454:5E76F6F2 < Accept-Ranges: bytes < Date: Thu, 26 Mar 2020 08:59:39 GMT < Via: 1.1 varnish < Age: 466 < X-Served-By: cache-lax8650-LAX < X-Cache: HIT < X-Cache-Hits: 2 < X-Timer: S1585213180.544170,VS0,VE0 < Vary: Accept-Encoding < X-Fastly-Request-ID: 09634ded67a3f65684c658614bc5bb32c037f146 < <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <link rel="icon" type="image/x-icon" href="/favicon.ico" /> <link type="text/css" href="/css/pages.css" media="all" rel="stylesheet"> <!-- Begin Jekyll SEO tag v2.6.1 --> <title>GitHub Pages | Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live.</title> <meta name="generator" content="Jekyll v3.8.5" /> <meta property="og:title" content="GitHub Pages" /> <meta property="og:locale" content="en_US" /> <meta name="description" content="Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live." /> <meta property="og:description" content="Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live." /> <link rel="canonical" href="https://pages.github.com/" /> <meta property="og:url" content="https://pages.github.com/" /> <meta property="og:site_name" content="GitHub Pages" /> <meta name="twitter:card" content="summary" /> <meta property="twitter:title" content="GitHub Pages" /> <meta name="twitter:site" content="@github" /> <script type="application/ld+json"> {"@type":"WebSite","url":"https://pages.github.com/","name":"GitHub Pages","headline":"GitHub Pages","description":"Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live.","@context":"https://schema.org"}</script> <!-- End Jekyll SEO tag --> </head> <body class="home "> <section id="hero-spot" class="hero-spot"> <a href="/"><img src="/images/logo.svg" alt="GitHub Pages" class="logo" /></a> <h1>Websites for you and your projects.</h1> <h2>Hosted directly from your <a href="https://github.com">GitHub repository</a>. Just edit, push, and your changes are live.</h2> <a href="https://help.github.com/pages/" class="help-link">Pages Help</a> <div id="slideshow"> <img src="/images/slideshow/bootstrap.png" alt="Bootstrap" class="slide active" width="893" /> </div> </section> <section id="video" class="video"> <h1>What is GitHub Pages?</h1> <iframe width="853" height="480" src="https://www.youtube.com/embed/2MsN8gpT6jY?showinfo=0" frameborder="0" allowfullscreen></iframe> </section> <section id="tutorial" class="tutorial"> <h1>Ready to get started? Build your own site from scratch or generate one for your project.</h1> <h2>You get one site per GitHub account and organization, <br />and unlimited project sites. Let‘s get started.</h2> <ul class="tabs"> <li><a href="#user-site" class="selected">User or organization site</a></li> <li><a href="#project-site">Project site</a></li> </ul> <!-- ### Start of tutorials --> <ul id="user-site" class="tutorial-list wrapper active"> <li id="create-repo-step" class="image-right"> <h4>Create a repository</h4> <p>Head over to <a href="https://github.com">GitHub</a> and <a data-proofer-ignore="true" href="https://github.com/new">create a new repository</a> named <em>username</em>.github.io, where <em>username</em> is your username (or organization name) on GitHub.</p> <p class="details">If the first part of the repository doesn’t exactly match your username, it won’t work, so make sure to get it right.</p> </li> <li class="question"> <h4>What git client are you using?</h4> <ul class="tabs"> <li><a id="option-terminal" href="#terminal-step-1" class="selected">A terminal</a></li> <li><a id="option-desktop" href="#setup-in-desktop">GitHub Desktop</a></li> <li><a id="option-newuser" href="#new-user-step-1">I don't know</a></li> </ul> </li> <li id="new-user-step-1" class="option-newuser"> <h4>Download GitHub Desktop</h4> <p>GitHub Desktop is a great way to use Git and GitHub on macOS and Windows.</p> <a class="desktop-download" href="https://desktop.github.com"><span class="icon"></span>Download GitHub Desktop</a> <img src="images/[email protected]" width="1054" alt="GitHub Desktop screenshot" class="full-size" /> </li> <li id="terminal-step-1" class="option-terminal"> <h4>Clone the repository</h4> <p>Go to the folder where you want to store your project, and clone the new repository:</p> <div class="terminal"> <div class="header"></div> <div class="shell"> <p><span class="path">~</span><span class="prompt">$</span>git clone https://github.com/<em>username</em>/<em>username</em>.github.io</p> </div> </div> </li> <li id="setup-in-desktop" class="option-desktop image-right"> <h4>Clone the repository</h4> <p>Click the "Set up in Desktop" button. When the GitHub desktop app opens, save the project.</p> <p class="details">If the app doesn't open, launch it and clone the repository from the app.</p> </li> <li id="setup-in-desktop" class="option-newuser image-right"> <h4>Clone the repository</h4> <p>After finishing the installation, head back to GitHub.com and refresh the page. Click the "Set up in Desktop" button. When the GitHub desktop app opens, save the project.</p> <p class="details">If the app doesn't open, launch it and clone the repository from the app.</p> </li> <li class="option-terminal"> <h4>Hello World</h4> <p>Enter the project folder and add an index.html file:</p> <div class="terminal"> <div class="header"></div> <div class="shell"> <p><span class="path">~</span><span class="prompt">$</span>cd <em>username</em>.github.io</p> <p><span class="path">~</span><span class="prompt">$</span>echo "Hello World" > index.html</p> </div> </div> </li> <li class="option-desktop option-newuser"> <h4>Create an index file</h4> <p>Grab your favorite text editor and add an index.html file to your project:</p> <div class="terminal"> <div class="header">index.html</div> <code class="shell"> <pre><!DOCTYPE html> <html> <body> <h1>Hello World</h1> <p>I'm hosted with GitHub Pages.</p> </body> </html></pre> </code> </li> <li class="option-terminal"> <h4>Push it</h4> <p>Add, commit, and push your changes:</p> <div class="terminal"> <div class="header"></div> <div class="shell"> <p><span class="path">~</span><span class="prompt">$</span>git add --all</p> <p><span class="path">~</span><span class="prompt">$</span>git commit -m "Initial commit"</p> * BoringSSL SSL_read: Connection timed out, errno 110 * Closing connection 0 curl: (56) BoringSSL SSL_read: Connection timed out, errno 110 <p><span class="path">~</span><span class="prompt">$</span>git push -u origin ``` ## Certificates ```bash $ openssl x509 -text -in MITM-CA.crt Certificate: Data: Version: 3 (0x2) Serial Number: 0f:a5:09:6a:1d:11:78:3a:c9:22:ec:61:aa:b4:da:d0:20:00:6c:03 Signature Algorithm: ecdsa-with-SHA256 Issuer: C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] Validity Not Before: Sep 26 09:32:37 2019 GMT Not After : Sep 23 09:32:37 2029 GMT Subject: C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:a9:9d:ba:9f:69:a5:ea:17:32:7f:e3:52:d1:33: fc:3d:26:75:aa:51:73:51:bf:ed:a6:be:96:6f:ac: c4:f5:c4:b3:90:63:97:7a:3d:1d:74:8d:ec:36:fa: bf:6c:bc:e4:2c:bb:da:40:b1:33:68:81:72:44:36: 3a:7d:c4:90:df ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: AB:FC:46:2E:6C:8C:DE:16:66:86:96:BC:AF:E1:F5:87:FE:CE:15:72 X509v3 Authority Key Identifier: keyid:AB:FC:46:2E:6C:8C:DE:16:66:86:96:BC:AF:E1:F5:87:FE:CE:15:72 X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: ecdsa-with-SHA256 30:45:02:21:00:d1:54:c6:56:71:c7:77:5f:9b:11:2e:d4:8d: 21:b8:af:5e:63:f2:0f:97:a5:f3:02:c5:17:51:06:4d:d9:03: d7:02:20:02:75:d8:10:2b:b2:38:23:ce:ac:8c:fc:23:08:c6: 9f:3c:44:bd:2e:45:7f:c2:17:05:57:ad:0b:94:07:ed:69 -----BEGIN CERTIFICATE----- MIICNzCCAd2gAwIBAgIUD6UJah0ReDrJIuxhqrTa0CAAbAMwCgYIKoZIzj0EAwIw cTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEMMAoGA1UE CgwDQ09NMQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMR8wHQYJKoZIhvcNAQkB FhAzNDY2MDg0NTNAcXEuY29tMB4XDTE5MDkyNjA5MzIzN1oXDTI5MDkyMzA5MzIz N1owcTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEMMAoG A1UECgwDQ09NMQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMR8wHQYJKoZIhvcN AQkBFhAzNDY2MDg0NTNAcXEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE qZ26n2ml6hcyf+NS0TP8PSZ1qlFzUb/tpr6Wb6zE9cSzkGOXej0ddI3sNvq/bLzk LLvaQLEzaIFyRDY6fcSQ36NTMFEwHQYDVR0OBBYEFKv8Ri5sjN4WZoaWvK/h9Yf+ zhVyMB8GA1UdIwQYMBaAFKv8Ri5sjN4WZoaWvK/h9Yf+zhVyMA8GA1UdEwEB/wQF MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANFUxlZxx3dfmxEu1I0huK9eY/IPl6Xz AsUXUQZN2QPXAiACddgQK7I4I86sjPwjCMafPES9LkV/whcFV60LlAftaQ== -----END CERTIFICATE----- ``` ```bash $ openssl x509 -text -in MITM-SERVER.crt Certificate: Data: Version: 1 (0x0) Serial Number: 38:c6:c1:95:0e:7e:ba:f5:f9:25:87:47:91:b1:27:fa:f0:5e:c1:d9 Signature Algorithm: ecdsa-with-SHA256 Issuer: C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected] Validity Not Before: Sep 26 09:33:13 2019 GMT Not After : Sep 23 09:33:13 2029 GMT Subject: C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER, emailAddress = [email protected] Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:89:db:b6:8c:69:57:25:be:67:53:f2:6e:a5:f7: c2:bd:f7:d1:4c:e1:d6:13:83:86:a0:d3:ad:bb:4b: 66:f1:6c:b6:07:c8:b7:50:d2:3a:9a:cb:99:00:f4: a0:85:f5:47:30:bb:37:2a:b5:3a:cd:11:19:4b:22: cc:43:1a:42:e3 ASN1 OID: prime256v1 NIST CURVE: P-256 Signature Algorithm: ecdsa-with-SHA256 30:45:02:20:7d:7e:8c:48:90:4d:50:3e:b2:23:f6:83:d9:30: 21:31:59:64:83:55:2b:21:13:e3:ce:fc:f0:e4:82:2c:ad:61: 02:21:00:f9:ce:5b:26:f9:eb:76:d6:75:ad:bb:0b:5c:95:ad: 82:59:17:49:e0:5a:1f:2e:56:76:de:f0:74:67:3b:31:c3 -----BEGIN CERTIFICATE----- MIIB4TCCAYcCFDjGwZUOfrr1+SWHR5GxJ/rwXsHZMAoGCCqGSM49BAMCMHExCzAJ BgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoMA0NP TTEMMAoGA1UECwwDTlNQMQswCQYDVQQDDAJDQTEfMB0GCSqGSIb3DQEJARYQMzQ2 NjA4NDUzQHFxLmNvbTAeFw0xOTA5MjYwOTMzMTNaFw0yOTA5MjMwOTMzMTNaMHUx CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoM A0NPTTEMMAoGA1UECwwDTlNQMQ8wDQYDVQQDDAZTRVJWRVIxHzAdBgkqhkiG9w0B CQEWEDM0NjYwODQ1M0BxcS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASJ 27aMaVclvmdT8m6l98K999FM4dYTg4ag0627S2bxbLYHyLdQ0jqay5kA9KCF9Ucw uzcqtTrNERlLIsxDGkLjMAoGCCqGSM49BAMCA0gAMEUCIH1+jEiQTVA+siP2g9kw ITFZZINVKyET48788OSCLK1hAiEA+c5bJvnrdtZ1rbsLXJWtglkXSeBaHy5Wdt7w dGc7McM= -----END CERTIFICATE----- ``` ## Affected websites - [x] pages.github.com (AS54113 FASTLY) - [x] *.github.io (AS54113 FASTLY) ```bash $ curl -v https://github.io/ * Trying 185.199.108.153:443... * connect to 185.199.108.153 port 443 failed: Connection timed out * Trying 185.199.109.153:443... * Connected to github.io (185.199.109.153) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate in certificate chain * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. ``` - [x] desktop.github.com (AS54113 FASTLY) ```bash $ curl -v https://desktop.github.com/ * Trying 185.199.111.153:443... * Connected to desktop.github.com (185.199.111.153) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate in certificate chain * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. ``` - [x] githubstatus.com (AS54113 FASTLY) ```bash $ curl -v https://githubstatus.com/ * Trying 185.199.108.153:443... * Connected to githubstatus.com (185.199.108.153) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate in certificate chain * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. ``` - [x] developer.github.com (AS54113 FASTLY) - [x] services.github.com (AS54113 FASTLY) - [ ] www.githubstatus.com (AS16509 AMAZON-02) - [ ] github.com (AS16509 AMAZON-02) - [ ] api.github.com (AS16509 AMAZON-02) - [ ] gist.github.com (AS36459 GITHUB) - [ ] live.github.com (AS36459 GITHUB) - [ ] avatars0.githubusercontent.com (AS54113 FASTLY) - [ ] avatars1.githubusercontent.com (AS54113 FASTLY) - [ ] avatars2.githubusercontent.com (AS54113 FASTLY) - [ ] camo.githubusercontent.com (AS54113 FASTLY) - [ ] github.githubassets.com (AS54113 FASTLY) - [ ] raw.githubusercontent.com (AS54113 FASTLY) - [x] www.jd.com ## Affected IPs - [x] 185.199.108.153 (AS54113 FASTLY) - [x] 185.199.109.153 (AS54113 FASTLY) - [x] 185.199.110.153 (AS54113 FASTLY) - [x] 185.199.111.153 (AS54113 FASTLY) - [x] 157.185.169.208 (AS54994 QUANTILNETWORKS) ``` $ curl --resolve "www.jd.com:443:157.185.169.208" https://www.jd.com/ -vk * Added www.jd.com:443:157.185.169.208 to DNS cache * Hostname www.jd.com was found in DNS cache * Trying 157.185.169.208:443... * Connected to www.jd.com (157.185.169.208) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=SERVER; [email protected] * start date: Sep 26 09:33:13 2019 GMT * expire date: Sep 23 09:33:13 2029 GMT * issuer: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=CA; [email protected] * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > GET / HTTP/1.1 > Host: www.jd.com > User-Agent: curl/7.69.1 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Thu, 26 Mar 2020 17:01:07 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 106601 < Connection: keep-alive < Expires: Thu, 26 Mar 2020 17:01:37 GMT < Server: nginx/1.10.3-35 < Cache-Control: max-age=30 < ser: 13.216 < Via: BJ-H-NX-103(HIT), http/1.1 HK-IX-1-PIX-11 ( [cRs f ]) < Strict-Transport-Security: max-age=7776000 < X-Via: 1.1 PSmgdlsDAL1sw154:2 (Cdn Cache Server V2.0), 1.1 PSmglsjLAX2kb133:5 (Cdn Cache Server V2.0) < X-Ws-Request-Id: 5e7cdfd3_PSmglsjLAX2au13_37326-12633 < <!DOCTYPE html> <html> <head> <meta charset="utf8" version='1'/> <title>京东(JD.COM)-正品低价、品质保障、配送及时、轻松购物!</title> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=yes"/> <meta name="description" content="京东JD.COM-专业的综合网上购物商城,销售家电、数码通讯、电脑、家居百货、服装服饰、母婴、图书、食品等数万个品牌优质商品.便捷、诚信的服务,为您提供愉悦的网上购物体验!"/> <meta name="Keywords" content="网上购物,网上商城,手机,笔记本,电脑,MP3,CD,VCD,DV,相机,数码,配件,手表,存储卡,京东"/> <script type="text/javascript"> window.point = {} window.point.start = new Date().getTime() </script> <link rel="dns-prefetch" href="//static.360buyimg.com"/> <link rel="dns-prefetch" href="//misc.360buyimg.com"/> <link rel="dns-prefetch" href="//img10.360buyimg.com"/> <link rel="dns-prefetch" href="//img11.360buyimg.com"/> <link rel="dns-prefetch" href="//img12.360buyimg.com"/> <link rel="dns-prefetch" href="//img13.360buyimg.com"/> <link rel="dns-prefetch" href="//img14.360buyimg.com"/> <link rel="dns-prefetch" href="//img20.360buyimg.com"/> <link rel="dns-prefetch" href="//img30.360buyimg.com"/> <link rel="dns-prefetch" href="//d.3.cn"/> <link rel="dns-prefetch" href="//d.jd.com"/> <link rel="icon" href="//www.jd.com/favicon.ico" mce_href="//www.jd.com/favicon.ico" type="image/x-icon"/> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/> <meta name="renderer" content="webkit"/> <!--[if lte IE 6]> <script src="//misc.360buyimg.com/mtd/pc/index/home/ie6tip.min.js"></script> <![endif]--> <!--[if IE 8]> <script src="//misc.360buyimg.com/mtd/pc/index_2019/1.0.0/static/lib/polyfill/index.js"></script> <![endif]--> <link href="//misc.360buyimg.com/mtd/pc/index_2019/1.0.0/static/css/first-screen.chunk.css" rel="stylesheet"/> <link href="//misc.360buyimg.com/mtd/pc/index_2019/1.0.0/static/css/index.chunk.css" rel="stylesheet"/> <script type="text/javascript"> window.point.css = new Date().getTime() </script> <script type="text/javascript"> window.pageConfig = {}; //灰度区间统一配置 window.pageConfig.hashList ={"research":[{"start":"0","end":"10000"},{"start":"10000","end":"10000"}],"navitems":[{"start":"0","end":"5000"},{"start":"5000","end":"10000"}],"treasure":[{"start":"0","end":"10000"},{"start":"10000","end":"10000"}]}; // 大促配置 window.promotional = {}; window.promotional.enableShowToolbar = false; window.pageConfig.enableShowSpecialTop = false; window.promotional.enableShowTop = false; window.promotional.enableShowActMark = true; window.promotional.actTimeStart = new Date('2020/03/01 00:00:00').getTime(); window.promotional.actTimeEnd = new Date('2020/03/08 23:59:59').getTime(); window.promotional.focusTag = 'jfs/t1/92799/5/12520/6223/5e4d0603E338f9986/4978d04113632c35.jpg'; window.promotional.focusTagRetina = 'jfs/t1/93880/33/12652/13913/5e4d0609Efe74b090/b11b8d9e0a173cfd.jpg'; window.promotional.topTag = 'jfs/t1/91220/14/13605/13990/5e5aa5c7E591e30d2/6cda5b1d2da640d7.jpg'; window.promotional.topTagRetina = 'jfs/t1/106794/25/13791/34523/5e5aa5d2E37bd5355/4e65301f29ec0a9b.jpg'; // 兜底数据 window.backup = {}; //logo window.pageConfig.logo = {}; //直通车 window.pageConfig.treasure = {"name":"3.27\u817e\u8baf\u9ed1\u9ca8","desc":"","href":"https:\/\/pro.jd.com\/mall\/active\/3MEfvhssijcjGZDTHksFm1xnSoEF\/index.html","src":"https:\/\/m.360buyimg.com\/babel\/jfs\/t1\/89421\/25\/16182\/30522\/5e7ab9eaE0fd943fc\/63b2ed663bf7e6dc.png"}; window.pageConfig.treasureb = {"name":"\u6d4b\u8bd5","desc":"","href":"https:\/\/prodev.jd.com\/mall\/active\/4BonccBkFBPS1QaKtpFxo1KQsh8R\/index.html","src":"https:\/\/m.360buyimg.com\/babel\/jfs\/t1\/107210\/31\/9489\/285481\/5e742295E56f2f282\/79d62d3c0544f52b.gif"}; //企业定投直通车 window.pageConfig.treasureEnterprise = {"name":"","desc":"","href":"https:\/\/b.jd.com\/","src":"https:\/\/m.360buyimg.com\/babel\/jfs\/t1\/95144\/29\/15153\/30972\/5e703475Ef8241cf2\/68bbe9b76448b271.jpg"}; //背板 window.pageConfig.background = {"leftBgPic":"jfs\/t1\/104272\/14\/16368\/147218\/5e7c5918Ee24ef03d\/f1021cdaf6370513.png","leftBgPicExpand":"jfs\/t1\/104427\/35\/16479\/101874\/5e7c5920E50239e64\/a9ce19a790d986d3.jpg","href":"https:\/\/pro.jd.com\/mall\/active\/3MEfvhssijcjGZDTHksFm1xnSoEF\/index.html"}; //企业背板 window.pageConfig.backgroundEnterprise = {"bothBgPic":"https:\/\/m.360buyimg.com\/babel\/jfs\/t1\/100421\/11\/14016\/59117\/5e6061b3E89cc1818\/316dfdc91430f760.png","href":"https:\/\/b.jd.com\/"}; // 页面配置 window.pageConfig.enableActMark = false; window.pageConfig.clstagPrefix = 'h|keycount|'; window.pageConfig.O2_REPORT = 100; window.pageConfig.serverTime = new Date('2020/03/27 01:00:02').getTime(); window.pageConfig.actStart = new Date('2019/10/18 00:00:00').getTime(); window.pageConfig.actEnd = new Date('2019/11/15 23:59:59').getTime(); // 手机京东 window.pageConfig.shortcutMobileData=[{"title":"\u624b\u673a\u4eac\u4e1c","desc":"\u65b0\u4eba\u4e13\u4eab\u5927\u793c\u5305","img":"jfs\/t1\/67481\/15\/565\/28110\/5cec9234E71c47244\/dc4cf353fd96922e.png","url":"https:\/\/app.jd.com\/","devices":[{"type":"iphone","src":"https:\/\/itunes.apple.com\/cn\/app\/id414245413"},{"type":"android","src":"https:\/\/storage.jd.com\/jdmobile\/JDMALL-PC2.apk"},{"type":"ipad","src":"https:\/\/itunes.apple.com\/cn\/app\/jing-dong-hd\/id434374726"}]},{"title":"\u5173\u6ce8\u4eac\u4e1cJD.COM","desc":"\u626b\u4e00\u626b\u5173\u6ce8\u53c2\u4e0e\u5ba0\u7c89\u5927\u62bd\u5956\uff0c\u9650\u65f6\u62bd\u7231\u5947\u827a\u89c6\u9891\u6708\u5361","img":"jfs\/t1\/103930\/25\/12274\/24077\/5e465e2cE8bc26440\/7aeeb0776ee86c41.png","url":"","devices":[]},{"title":"\u4eac\u4e1c\u91d1\u878d\u5ba2\u6237\u7aef","desc":"\u65b0\u4eba\u4e13\u4eab\u5927\u793c\u5305","img":"jfs\/t1\/36947\/5\/10895\/15408\/5cec924bE6c038530\/5cf21582b416c186.jpg","url":"https:\/\/m.jr.jd.com\/integrate\/download\/html\/pc.html","devices":[{"type":"iphone","src":"https:\/\/itunes.apple.com\/cn\/app\/jing-dong-jin-rong-hui-li\/id895682747?mt=8"},{"type":"android","src":"http:\/\/211.151.9.66\/downapp\/jrapp_jr188.apk"}]}]; //今日推荐 window.backup.today=[{"alt":"","ext_columns":{"desc":"","biclk":"3","ap":"OPEWxdgK70C3cTkM2J1\/lA==","focustype":"s","url":"\/\/prodev.jd.com\/mall\/active\/D3d86DsCV2gKbPTZi8EmxB42bZ8\/index.html","mcinfo":"03294000-11213237-1001319613-M#0-2-1--59--#1-tb-#102-19995763#pc-home","text":""},"srcB":"\/\/m.360buyimg.com\/babel\/jfs\/t1\/89185\/23\/13604\/70487\/5e5a4e4eE0c95f33f\/27203477c26cd4bb.jpg","type":"material","gid":"03294000","href":"\/\/prodev.jd.com\/mall\/active\/D3d86DsCV2gKbPTZi8EmxB42bZ8\/index.html","src":"\/\/m.360buyimg.com\/babel\/jfs\/t1\/89185\/23\/13604\/70487\/5e5a4e4eE0c95f33f\/27203477c26cd4bb.jpg"},{"alt":"\u7f8e\u5986\u65b0\u98ce\u5c1a","ext_columns":{"desc":"\u6bcf\u6ee1199\u51cf100","biclk":"3","ap":"0yuUq5jnPAf3BP+sP9uHsw==","focustype":"s","url":"\/\/pro.jd.com\/mall\/active\/NvbhydZd78HbHHrLff6FjGg545i\/index.html","mcinfo":"03294000-11213237-1001319614-M#0-2-1--59--#1-tb-#102-19995763#pc-home","text":"\u7f8e\u5986\u65b0\u98ce\u5c1a"},"srcB":"\/\/m.360buyimg.com\/babel\/jfs\/t1\/97740\/23\/16247\/77394\/5e79bb1fEdd838530\/39673a14c6c49a9a.jpg","type":"material","gid":"03294000","href":"\/\/pro.jd.com\/mall\/active\/NvbhydZd78HbHHrLff6FjGg545i\/index.html","src":"\/\/m.360buyimg.com\/babel\/jfs\/t1\/97740\/23\/16247\/77394\/5e79bb1fEdd838530\/39673a14c6c49a9a.jpg"},{"ext_columns":{"focustype":"g"},"type":"ad","clog":"\/\/im-x.jd.com\/dsp\/np?log=mcBr2Gj6r98ZYNV0cBBsj8WNue_B74-lWVBv_tm7yTCTop1pAKXgD_E0k9jadyWFCco3Kmp6VBpSKm9qEXsHjjxIWhDq1-98kpWKtWH-iLfLlGSZkW* BoringSSL SSL_read: Connection reset by peer, errno 104 * Closing connection 0 curl: (56) BoringSSL SSL_read: Connection reset by peer, errno 104 ``` - [x] 210.61.181.25 (AS3462 Data Communication Business Group) `www.jd.com` - [x] 104.27.175.29 (AS13335 CLOUDFLARENET) [Reference link](https://www.v2ex.com/t/656505) Related events: [Cloudflare 某 IP 被劫持](https://www.v2ex.com/t/572031), [CloudFlare IP 再次被 TCP 劫持](https://www.v2ex.com/t/588848) ## Domain fronting? It's work! ```bash $ curl https://avatars1.githubusercontent.com/ -H "Host: pages.github.com" -v * Trying 151.101.76.133:443... * Connected to avatars1.githubusercontent.com (151.101.76.133) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=www.github.com * start date: Mar 23 00:00:00 2017 GMT * expire date: May 13 12:00:00 2020 GMT * subjectAltName: host "avatars1.githubusercontent.com" matched cert's "*.githubusercontent.com" * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA * SSL certificate verify ok. > GET / HTTP/1.1 > Host: pages.github.com > User-Agent: curl/7.69.1 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: GitHub.com < Content-Type: text/html; charset=utf-8 < Last-Modified: Fri, 28 Feb 2020 19:30:14 GMT < ETag: "5e596a46-39b2" < Access-Control-Allow-Origin: * < Expires: Thu, 26 Mar 2020 01:19:14 GMT < Cache-Control: max-age=600 < X-Proxy-Cache: MISS < X-GitHub-Request-Id: 1A06:3748:2902CC:32FB13:5E7C00BA < Content-Length: 14770 < Accept-Ranges: bytes < Date: Thu, 26 Mar 2020 11:44:18 GMT < Via: 1.1 varnish < Age: 244 < Connection: keep-alive < X-Served-By: cache-hkg17935-HKG < X-Cache: HIT < X-Cache-Hits: 1 < X-Timer: S1585223058.008322,VS0,VE1 < Vary: Accept-Encoding < X-Fastly-Request-ID: cd4e51c9070e7850d5ae60b79590c5f8c0942c1c < <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <link rel="icon" type="image/x-icon" href="/favicon.ico" /> <link type="text/css" href="/css/pages.css" media="all" rel="stylesheet"> <!-- Begin Jekyll SEO tag v2.6.1 --> <title>GitHub Pages | Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live.</title> <meta name="generator" content="Jekyll v3.8.5" /> <meta property="og:title" content="GitHub Pages" /> <meta property="og:locale" content="en_US" /> <meta name="description" content="Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live." /> <meta property="og:description" content="Websites for you and your projects, hosted directly from your GitHub repository. Just edit, push, and your changes are live." /> <link rel="canonical" href="https://pages.github.com/" /> <meta property="og:url" content="https://pages.github.com/" /> <meta property="og:site_name" content="GitHub Pages" /> <meta name="twitter:card" content="summary" /> <meta property="twitter:title" content="GitHub Pages" /> <meta name="twitter:site" content="@github" /> [...] ``` ## Proxy any websites? Nope. ```bash $ curl --resolve "www.baidu.com:443:157.185.169.208" https://www.baidu.com/ -vk * Added www.baidu.com:443:157.185.169.208 to DNS cache * Hostname www.baidu.com was found in DNS cache * Trying 157.185.169.208:443... * Connected to www.baidu.com (157.185.169.208) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=SERVER; [email protected] * start date: Sep 26 09:33:13 2019 GMT * expire date: Sep 23 09:33:13 2029 GMT * issuer: C=CN; ST=GD; L=SZ; O=COM; OU=NSP; CN=CA; [email protected] * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > GET / HTTP/1.1 > Host: www.baidu.com > User-Agent: curl/7.69.1 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 502 Bad Gateway < Server: nginx < Date: Thu, 26 Mar 2020 17:12:08 GMT < Content-Type: text/html < Content-Length: 166 < Connection: keep-alive < <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx</center> </body> </html> * Connection #0 to host www.baidu.com left intact ``` This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,14 @@ -----BEGIN CERTIFICATE----- MIICNzCCAd2gAwIBAgIUD6UJah0ReDrJIuxhqrTa0CAAbAMwCgYIKoZIzj0EAwIw cTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEMMAoGA1UE CgwDQ09NMQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMR8wHQYJKoZIhvcNAQkB FhAzNDY2MDg0NTNAcXEuY29tMB4XDTE5MDkyNjA5MzIzN1oXDTI5MDkyMzA5MzIz N1owcTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEMMAoG A1UECgwDQ09NMQwwCgYDVQQLDANOU1AxCzAJBgNVBAMMAkNBMR8wHQYJKoZIhvcN AQkBFhAzNDY2MDg0NTNAcXEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE qZ26n2ml6hcyf+NS0TP8PSZ1qlFzUb/tpr6Wb6zE9cSzkGOXej0ddI3sNvq/bLzk LLvaQLEzaIFyRDY6fcSQ36NTMFEwHQYDVR0OBBYEFKv8Ri5sjN4WZoaWvK/h9Yf+ zhVyMB8GA1UdIwQYMBaAFKv8Ri5sjN4WZoaWvK/h9Yf+zhVyMA8GA1UdEwEB/wQF MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANFUxlZxx3dfmxEu1I0huK9eY/IPl6Xz AsUXUQZN2QPXAiACddgQK7I4I86sjPwjCMafPES9LkV/whcFV60LlAftaQ== -----END CERTIFICATE----- This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB4TCCAYcCFDjGwZUOfrr1+SWHR5GxJ/rwXsHZMAoGCCqGSM49BAMCMHExCzAJ BgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoMA0NP TTEMMAoGA1UECwwDTlNQMQswCQYDVQQDDAJDQTEfMB0GCSqGSIb3DQEJARYQMzQ2 NjA4NDUzQHFxLmNvbTAeFw0xOTA5MjYwOTMzMTNaFw0yOTA5MjMwOTMzMTNaMHUx CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoM A0NPTTEMMAoGA1UECwwDTlNQMQ8wDQYDVQQDDAZTRVJWRVIxHzAdBgkqhkiG9w0B CQEWEDM0NjYwODQ1M0BxcS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASJ 27aMaVclvmdT8m6l98K999FM4dYTg4ag0627S2bxbLYHyLdQ0jqay5kA9KCF9Ucw uzcqtTrNERlLIsxDGkLjMAoGCCqGSM49BAMCA0gAMEUCIH1+jEiQTVA+siP2g9kw ITFZZINVKyET48788OSCLK1hAiEA+c5bJvnrdtZ1rbsLXJWtglkXSeBaHy5Wdt7w dGc7McM= -----END CERTIFICATE----- LoadingSorry, something went wrong. Reload?Sorry, we cannot display this file.Sorry, this file is invalid so it cannot be displayed.