#3118 https://download.fedora.redhat.com uses *.fedoraproject.org SSL certificate

Created 6 years ago by thoger
Modified 6 years ago

= bug description =

Migrated from https://bugzilla.redhat.com/show_bug.cgi?id=785927:

https://download.fedora.redhat.com SSL certificate common name is
*.fedoraproject.org, which is of course invalid.

This is therefore a security issue, as one would have to trust the wildcard
that points to fedoraproject, where all sites are probably not managed by
(That's also why all browsers will produce an error/warning when hitting that

= bug analysis =

I'm not sure if this host is expected to offer https for end users or is only expected by be accessed using a different name these days, hence moving to fedora-infrastructure attention.

download.fedora.redhat.com is an OLD alias. No one should be using it by now.

I think we can look at either dropping it, or changing it to a redirect to the proper dl.fedoraproject.org.

I'm gonna propose we drop this externally, but keep the internal one to rh.

This DNS alias has been dropped.

I've made a blog post about the change.

I've made an announce list about the change.

I've made sure the wiki is updated (there's one page left that is a packaging page, should be updated soon).

Login to comment on this ticket.