Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue]: SSL_ERROR_BAD_CERT_DOMAIN on nexisuni #460

Open
sleepy-nols opened this issue May 10, 2024 · 3 comments
Open

[Issue]: SSL_ERROR_BAD_CERT_DOMAIN on nexisuni #460

sleepy-nols opened this issue May 10, 2024 · 3 comments

Comments

@sleepy-nols
Copy link
Contributor

Expected behavior:
When fetching article, bibbot automatically logs into nexisuni.

Actual behavior:
Before login can happen, SSL_ERROR_BAD_CERT_DOMAIN error blocks loading of page, as HTTPS-Only Mode is enabled.

When trying to fetch an article from https://www.nexisuni.com.bonn.idm.oclc.org/ the following error occurs.
I have enabled HTTPS-Only Mode in Firefox. I think this might be a issue on nexisuni's side, still leaving this here to keep track of the bug.

SSL_ERROR_BAD_CERT_DOMAIN
https://www.nexisuni.com.bonn.idm.oclc.org/

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIGVjCCBL6gAwIBAgIQP8vXmsEwSCD+hiv0CU1igjANBgkqhkiG9w0BAQsFADBK
MQswCQYDVQQGEwJVUzETMBEGA1UECgwKT0NMQywgSW5jLjEmMCQGA1UEAwwdT0NM
QyBUTFMgSXNzdWluZyBSU0EgU3ViQ0EgUjEwHhcNMjQwMjE2MTY1MzEwWhcNMjUw
MjE1MTY1MzEwWjAeMRwwGgYDVQQDDBMqLmJvbm4uaWRtLm9jbGMub3JnMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu68vdlLSJSH9IXUEOkrd/0IpH8x1
s8r48O84419aZV7jgURA1iJgFKm6JrFiImk4vb+bUZKt58RYl2GCOk6z9a6Gg2le
TAkPRzsRQ27Ac78Yj2d3lzTozsOGFbCLp1Y/Un4rJnIpx/1cU20MjEocD0KeRaYt
fHPnyB4dHxJSH+cLYum883SuG/xHzhYWSEHtWh/M6UgEMkDMap+kBgt9PZhVr+uA
zFGyrappe7/fT7ArOk4BBQyw2qG5qgjkj+vad5/6aiGqsi8+/JRlCVskkaQQ2aT1
j1zk9F5R1Cj8CFPWTLoUr8LHMzeuGMt5Ckv9lbcdhmSgSS+dCN3RAj72qwIDAQAB
o4IC4jCCAt4wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQgmPuh+fMGhfKXNiK0
gPb1qFaKMDBnBggrBgEFBQcBAQRbMFkwNQYIKwYBBQUHMAKGKWh0dHA6Ly9jZXJ0
LnNzbC5jb20vT0NMQy1UTFMtSS1SU0EtUjEuY2VyMCAGCCsGAQUFBzABhhRodHRw
Oi8vb2NzcHMuc3NsLmNvbTAxBgNVHREEKjAoghMqLmJvbm4uaWRtLm9jbGMub3Jn
ghFib25uLmlkbS5vY2xjLm9yZzAjBgNVHSAEHDAaMAgGBmeBDAECATAOBgwrBgEE
AYKpMAEDAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMDoGA1UdHwQz
MDEwL6AtoCuGKWh0dHA6Ly9jcmxzLnNzbC5jb20vT0NMQy1UTFMtSS1SU0EtUjEu
Y3JsMA4GA1UdDwEB/wQEAwIFoDCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA
zxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGNst8+twAABAMASDBG
AiEA9i+spG1jckvUkg3ZDmsVpe+GRDjB+vt0YuDsTZiidjsCIQC0JgioiXAjE/pa
U2LKYgIk9aWnPW10/m1vGqLVaoqh3wB3AE51oydcmhDDOFts1N8/Uusd8OCOG41p
wLH6ZLFimjnfAAABjbLfPo8AAAQDAEgwRgIhAJ5pz4QNEzE04FkRs4+gWxkEb7Hk
iyqHJ7AVIIzrCjmpAiEAzOSZl7ZMO4nAbTImX5k0l5WPApgtEwhmOapnRXurihkA
dQDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAAAY2y3z6zAAAEAwBG
MEQCIEsKU18wBHu8ZtUS8H7s6poQJHNuUuxaxqD8xL29HHydAiAtdOssupNagJJU
b82yVKMco0QFNTixWM4k7y+cUqQt2zANBgkqhkiG9w0BAQsFAAOCAYEACpZKYSLu
516Kz6DHCPVT0bJ+0gMDhVi8gCyZjKu7zBWalp65k1H57IjeE2JGHhCoZ1jYvvDu
7OCL7PDXQVVYqh0QxHCl2Wl3ireiKOnbsjj8MJ/t+HDU6tQRbsr+3zrKbwteugP2
BV5+ZYnSOvsKHphX7jYodt3DWoZyySDtwaHwd37e5KtDxLKIaxmCgNCyP9a6cmcn
KIxiYJ3En7t5UiOElEuAgJY5nb3jfDvc3PdLpOfCrPHwGBeL52hvFN4T4jTzfSpv
XjrS03feJfxB4g4rm0h/Zn3+ebRIYQWph7S6Xy5ni3dtG+BpNufdMGxjL2c4BZaj
HEiyY18aajIejaQaSZW1SdME0hDU9egOu7WF3qvnB4g8f0DGe5hOaP5P0aSWqNrF
l9rTp9+yp2hKxKoOFIuJwFAENo8potvWyHNkmZfDUTbKIjxdM52CkP+hCr3tzXZ7
xQd/6VAvMx01EMBM4FqT0BjcUUbg1LsAL4qvb7uEZm+gZ0FNY6SeOpy2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGVzCCBD+gAwIBAgIQX1s30+lhAlqVgHyZRXOttTANBgkqhkiG9w0BAQsFADB6
MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24x
ETAPBgNVBAoMCFNTTCBDb3JwMTYwNAYDVQQDDC1TU0wuY29tIFNTTCBFbnRlcnBy
aXNlIEludGVybWVkaWF0ZSBDQSBSU0EgUjEwHhcNMjIwOTIyMTc0ODM5WhcNMzIw
OTE5MTc0ODM4WjBKMQswCQYDVQQGEwJVUzETMBEGA1UECgwKT0NMQywgSW5jLjEm
MCQGA1UEAwwdT0NMQyBUTFMgSXNzdWluZyBSU0EgU3ViQ0EgUjEwggGiMA0GCSqG
SIb3DQEBAQUAA4IBjwAwggGKAoIBgQCGawa79QE5sNYbpCJZgCRFoGKsgaDU3kN9
J8LdEZYbYKvdi8nc9+2rj2VZSY3lQLR+Gn/M2VwN4A4IDn5/K9GmXV+3Q8C7Zxl1
CBEOrkpCwXL3w/hpxEiHcIs/3TyxWTHu2YBvwwSP4zlyGA7QixVpLw+PUSNLNVb1
zBEyoPEXjhUWM/R/NA7nzX5CUC5bZq6Lwmx1w6La+5uSiBKPwtd5VKD+ag27ipb4
ItG53DN3bEFDgfi8O0S8VyVLla3njGAbLavJaktrxh+ycI0uLmSSSXAoDn4Zoy4F
tLQNFAnYfJ1wy1Ty1UmcyX8uS8hF48QTkizTh8D98kQN1wbayP0cBDJxPo/DJwby
Gk7YLKnBkpHCHHVqstDloMfPuh/HAuLC3m45UpjGmoZlFGit2Io2WCOY/FS4lzBN
VivglqVerfb4CRs8afvYBh61hWfDIoMRT6aoZjEnSyxNS3BBLH3KI/qndQa8CTov
pHpN7yIXtsuT3Feqw5OMxTBgaKsLXTECAwEAAaOCAYcwggGDMBIGA1UdEwEB/wQI
MAYBAf8CAQAwHwYDVR0jBBgwFoAU0D3qopgHXUSFzwP7yr80Cp8QxGgwYwYIKwYB
BQUHAQEEVzBVMFMGCCsGAQUFBzAChkdodHRwOi8vY2VydC5zc2wuY29tL1NTTC5j
b20tRW50ZXJwcmlzZS1JbnRlcm1lZGlhdGUtU1NMLVJTQS00MDk2LVIxLmNlcjA/
BgNVHSAEODA2MDQGBFUdIAAwLDAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuc3Ns
LmNvbS9yZXBvc2l0b3J5MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBY
BgNVHR8EUTBPME2gS6BJhkdodHRwOi8vY3Jscy5zc2wuY29tL1NTTC5jb20tRW50
ZXJwcmlzZS1JbnRlcm1lZGlhdGUtU1NMLVJTQS00MDk2LVIxLmNybDAdBgNVHQ4E
FgQUIJj7ofnzBoXylzYitID29ahWijAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
DQEBCwUAA4ICAQB0k6ASR5Xhf2i4wnonYuOMtB4nJiNzkOpLbELTX5sdJKwxeSn6
P8DVOEaDiMAuxIhKPBO8t98rIMi9dMftfJLcq8kfbthbHPS90+vX1f1O44J2hDl0
+lmjuDJxD0veotSUJsdvcI6FswkEwMB2tACL1Rju09a8Gew97TpnzM9BI9UgFZWx
HCnZVxA+1Zn0vCaHBby0UGeAeamdcmRp2Ap2sT7HeXh1KmHh3zLXokFk7lgfHBzA
8/bsnKQ91Dg9QMnJIjdSJSe3KZaIHnD7FFFn1FzKPsBFXUHrcl4ZGQFrif4hnG6Q
y5BYSb8aLCXzbIwDZp2RScFcUGicDx0uzyT+IQD8dn07GVZ33/gsXqAus61rX/LO
T1XpcVeMAHu49rHv+R5AoCO8a5ChsX/JhMCul8LPCss1IiGdsj3q3lBdbvxGo0aR
tsSVa0mYmr2Y1g/LiTvjJp2r7pCTLi2VDqLH62c4Wp/uwKJO7DOh5D28AlvuBT+8
de4EAWBQ8pZCc+cOgpKIknOS4Muur9Q4oCspQc5yyso+ITfuGVsn5HwkThYG+h+N
1dziQmAFj+BWgwcy5NuKDZTyp5uWJ15Dwd/9N6RDbTsSTXrj1z+7/Q2NXu6Rg1XW
voL/WBROTRYLXk8iZzRErtM3gh0J6k67ye9+ShAcLjjRil3AXT8SS3vlag==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIG3DCCBMSgAwIBAgIQekYJPiN8u6jQIc4ccKrwDDANBgkqhkiG9w0BAQsFADB8
MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24x
GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTAeFw0xOTAzMjYxNzM4MTNaFw0z
NDAzMjIxNzM4MTNaMHoxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G
A1UEBwwHSG91c3RvbjERMA8GA1UECgwIU1NMIENvcnAxNjA0BgNVBAMMLVNTTC5j
b20gU1NMIEVudGVycHJpc2UgSW50ZXJtZWRpYXRlIENBIFJTQSBSMTCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAINSlaA4gvtnAWSxT5bXGvlOCmJmS0E2
RlRky8QPENT0ZyXGUsnluHz5MoIOvQ0JOQN/KuRvOsjhDQ80Ljdv4wETn3CXpWHn
i+URsf1wBFwfdqQOMkXPk+maMnfiyjPinzVNVlbbiLyi3lPsbePCW+8R+Zje5qqH
y4DEI0IzuuD6EUoBTAtiEyEfh0xP5M2yeUl+g1BlmvO6PUqB+TDkn9KCc95OK3pI
m7spAsUlxhK0P2MZiB6s74QNCWB4IuzDMY/8/lMnMbtkZUYneBRKj6Jt3zipQ6LE
d982dwOttO6MQg3m+A+Zs9fZTBj0eojn1OAUA0bxzBqu9pVsGxgrQ5HHTosGOuW7
1sFLq9ChO7lv/bZxTAzO4G5ym3/t74j/OdPgbRKc5W6CxhsoqMuy6g8LBzf6svP7
3h5l8EZ4zwZ1v8xFy7iTe7+3FQZBG15l6GL7d/BBMOC9Nxo+IU4hEe6N6rcee9kw
LwcpT7aB3d9SqSw59wL1Wa+k+l1uSX2QkfBLBVg0uSF5Hi+NyvKrvpNvSF7IEUQ2
ii818dArblAmI+C6x1hV37ev3HJhpj6hzbdc3JAEZysezYCLjL6XmmAfPHShRU6N
Ug83906voZMgqBiJcpoW/vv9FI42Y35TIbESPvKk2w3Aznt5PhooqYOHslzIDASE
PoPdiAhNEhRZAgMBAAGjggFaMIIBVjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
MBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMIGDBggrBgEFBQcBAQR3MHUwUQYIKwYB
BQUHMAKGRWh0dHA6Ly93d3cuc3NsLmNvbS9yZXBvc2l0b3J5L1NTTGNvbVJvb3RD
ZXJ0aWZpY2F0aW9uQXV0aG9yaXR5UlNBLmNydDAgBggrBgEFBQcwAYYUaHR0cDov
L29jc3BzLnNzbC5jb20wEQYDVR0gBAowCDAGBgRVHSAAMB0GA1UdJQQWMBQGCCsG
AQUFBwMCBggrBgEFBQcDATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3Jscy5z
c2wuY29tL3NzbC5jb20tcnNhLVJvb3RDQS5jcmwwHQYDVR0OBBYEFNA96qKYB11E
hc8D+8q/NAqfEMRoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEA
JOmE8VLUTIykvmLBD67jxXzMjHEw9YZSbg4HEjBentc6mNxJ+I7BAHJqx+pbIXbr
3Ik/yTIZyyRFfdBB5Txf7Fdf/3emA0/Cchu9mVy8rcMrf78zNS1RnTuztnyw1G0C
zT2n3YgJRBKfTmrhIWekF1nsZ6Vj/XvJaDSwQr1UQwp+5JcWZt0IgUr2idntxp9P
pv/rpwEHot+xs2RufVbfZCjlknBr/i1m+WgOKLe5TZBf6yjNBb/gOo1u2HOLnQw/
54iTPHvjBck0eRnwTUCcBEIC4+kjUPbjUUtxU20WowsUqlOb4rEzjuevTMXCZdxe
GsxvKvfEdlxUHOA/lcGEf/2uoov8uV4v6aFT9n/ZFJwoIzjB7R/tn/uHoATpin4b
gds1Ffo12dl/PoaCBS5OgWAnJ3+cyBOdJ2/XPFb5kNWTfuBMjsNeNvWqWLJfbYP9
GlTruPqC+Uh/tTETkHSxUPpywSnbNer1M6eL9CQVIYZ+g6nESXFvOpaWfdAa/MlZ
CB5yejdUfxihUkHf5/bbho8hQ8KS6CKJ0rB7VoQyGktTFf5N5jogSox37MSYoR5d
9HKwvZmHPgBYLwGD5F/EUQhiMEHI9FLwvgeKt2yoaGFKxWilOm1g5NWNOSaoI+bF
yHnQZqUZ5+CL0njjIjweuPfE3EgZQr0k9tL8fkkgDFQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgIRAOQnBJX2jJHW0Ox7SU6k3xwwDQYJKoZIhvcNAQELBQAw
fjELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu
QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEiMCAG
A1UEAxMZQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQTAeFw0xODA5MTEwOTI2NDda
Fw0yMzA5MTEwOTI2NDdaMHwxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQ
MA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTEwLwYD
VQQDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA+Q/doyt9y9Aq/uxnhabnLhu6
d+Hj9a+k7PpKXZHEV0drGHdrdvL9k+Q9D8IWngtmw1aUnheDhc5W7/IW/QBi9SIJ
VOhlF05BueBPRpeqG8i4bmJeabFf2yoCfvxsyvNB2O3Q6Pw/YUjtsAMUHRAOSxng
u07shmX/NvNeZwILnYZVYf16OO3+4hkAt2+hUGJ1dDyg+sglkrRueiLH+B6h47Ld
kTGrKx0E/6VKBDfphaQzK/3i1lU0fBmkSmjHsqjTt8qhk4jrwZe8jPkd2SKEJHTH
BD1qqSmTzOu4W+H+XyWqNFjIwSNUnRuYEcM4nH49hmylD0CGfAL0XAJPKMuucZ8P
Osgz/hElNer8usVgPdl8GNWyqdN1eANyIso6wx/vLOUuqfqeLLZRRv2vA9bqYGjq
hRY2a4XpHsCz3cQk3IAqgUFtlD7I4MmBQQCeXr9/xQiYohgsQkCz+W84J0tOgPQ9
gUfgiHzqHM61dVxRLhwrfxpyKOcAtdF0xtfkn60Hk7ZTNTX8N+TD9l0WviFz3pIK
+KBjaryWkmo++LxlVZve9Q2JJgT8JRqmJWnLwm3KfOJZX5es6+8uyLzXG1k8K8zy
GciTaydjGc/86Sb4ynGbf5P+NGeETpnr/LN4CTNwumamdu0bc+sapQ3EIhMglFYK
TixsTrH9z5wJuqIz7YcCAwEAAaOCAVEwggFNMBIGA1UdEwEB/wQIMAYBAf8CAQIw
HQYDVR0OBBYEFN0ECQei9Xp9UlMSkpXuOIAlDaZZMB8GA1UdIwQYMBaAFAh2zcsH
/yT2xc3tu5C84oQ3RnX3MA4GA1UdDwEB/wQEAwIBBjA2BgNVHR8ELzAtMCugKaAn
hiVodHRwOi8vc3NsY29tLmNybC5jZXJ0dW0ucGwvY3RuY2EuY3JsMHMGCCsGAQUF
BwEBBGcwZTApBggrBgEFBQcwAYYdaHR0cDovL3NzbGNvbS5vY3NwLWNlcnR1bS5j
b20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9zc2xjb20ucmVwb3NpdG9yeS5jZXJ0dW0u
cGwvY3RuY2EuY2VyMDoGA1UdIAQzMDEwLwYEVR0gADAnMCUGCCsGAQUFBwIBFhlo
dHRwczovL3d3dy5jZXJ0dW0ucGwvQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAflZoj
VO6FwvPUb7npBI9Gfyz3MsCnQ6wHAO3gqUUt/Rfh7QBAyK+YrPXAGa0boJcwQGzs
W/ujk06MiWIbfPA6X6dCz1jKdWWcIky/dnuYk5wVgzOxDtxROId8lZwSaZQeAHh0
ftzABne6cC2HLNdoneO6ha1J849ktBUGg5LGl6RAk4ut8WeUtLlaZ1Q8qBvZBc/k
pPmIEgAGiCWF1F7u85NX1oH4LK739VFIq7ZiOnnb7C7yPxRWOsjZy6SiTyWo0Zur
LTAgUAcab/HxlB05g2PoH/1J0OgdRrJGgia9nJ3homhBSFFuevw1lvRU0rwrROVH
13eCpUqrX5czqyQR
-----END CERTIFICATE-----
@sleepy-nols
Copy link
Contributor Author

sleepy-nols commented May 10, 2024
edited
Loading

After playing around with this ssl checker a bit, I found out that the domain www.nexisuni.com.bonn.idm.oclc.org we are linking to, is actually redirecting via a 302 temporary redirect to www-nexisuni-com.bonn.idm.oclc.org. Which does not trigger the ssl error.

HTTP status code 	302
HTTP forwarding 	https://www-nexisuni-com.bonn.idm.oclc.org

As the the nexisuni certificate just covers *.bonn.idm.oclc.org and bonn.idm.oclc.org, further nested domains like the above www.nexisuni. com.bonn.idm.oclc.org are not covered by them. As the dashes in www-nexisuni-com.bonn.idm.oclc.org do not create more subdomains, unlike the dot notation, the domain with dashes works.

Gonna open a mr soon, replacing the url. :)

@sleepy-nols
Copy link
Contributor Author

an anyone reproduce this on others sites that use nexisuni but a different bib?

@sleepy-nols
Copy link
Contributor Author

somehow I cannot trigger this error consistently

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sleepy-nols