certificate problem with libravatar

John Keeping john at keeping.me.uk
Thu Jul 3 12:22:57 CEST 2014

On Thu, Jul 03, 2014 at 11:16:21AM +0200, Christian Hesse wrote:
> looks like we have a certificate problem with libravatar email filter. For
> base URL we use "//cdn.libravatar.org/", which is fine if cgit serves
> unencrypted html pages. The url evaluates to "http://cdn.libravatar.org/"
> then. However if cgit sends an encrypted site the url is
> "https://cdn.libravatar.org/", which results in a certificate error as CN does
> not match.
> We could just change the url to "//seccdn.libravatar.org/" or
> "https://seccdn.libravatar.org/", but that would fetch the avatar via https
> all the same. In fact the first one makes two requests as the http server
> redirects to the https one.
> Does the script know whether or not the site is encrypted? That would allow
> us to choose the correct url. Any other ideas?

FWIW my vote would be to always use "https://seccdn.libravatar.org/",
since HTTP->HTTPS is OK but HTTPS->HTTP is not and if HTTP is just going
to redirect to HTTPS then we might as well go directly to the HTTPS.
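
Added example, not part of the original message or of cgit's own filter scripts: it resolves the base URLs from this thread the way a browser would for an HTTP and an HTTPS cgit page, and labels each page/avatar scheme combination. The page host `git.example.org`, the function names and the `avatar/<md5>` path layout are assumptions made for the illustration.

```python
import hashlib
from urllib.parse import urljoin, urlsplit

# Base URLs discussed in the thread.
PROTOCOL_RELATIVE = "//cdn.libravatar.org/"
ALWAYS_HTTPS = "https://seccdn.libravatar.org/"


def resolve(page_url, base):
    """Resolve an avatar base URL against the page that embeds it."""
    return urljoin(page_url, base)


def classify(page_url, base):
    """Return (resolved_url, verdict) for an avatar base used on page_url."""
    resolved = resolve(page_url, base)
    page_scheme = urlsplit(page_url).scheme
    avatar_scheme = urlsplit(resolved).scheme
    if page_scheme == "https" and avatar_scheme == "http":
        verdict = "mixed-content"   # HTTPS page pulling an HTTP image: not OK
    elif page_scheme == "http" and avatar_scheme == "https":
        verdict = "upgrade"         # HTTP page pulling an HTTPS image: OK
    else:
        verdict = "same-scheme"     # avatar inherits the page's scheme
    return resolved, verdict


def avatar_url(email, base=ALWAYS_HTTPS):
    """Build an avatar URL from a fixed HTTPS base.

    Assumption: the path is "avatar/" plus the MD5 hex digest of the
    trimmed, lower-cased address.
    """
    digest = hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()
    return base + "avatar/" + digest


if __name__ == "__main__":
    # Constructed page URLs standing in for a cgit instance.
    for page in ("http://git.example.org/", "https://git.example.org/"):
        for base in (PROTOCOL_RELATIVE, ALWAYS_HTTPS, "http://cdn.libravatar.org/"):
            resolved, verdict = classify(page, base)
            print(f"{page:26} {base:34} -> {resolved:34} {verdict}")
    print(avatar_url("user@example.org"))
```

The protocol-relative base never produces mixed content, but on an HTTPS page it resolves to the `cdn` host that the thread reports as failing certificate validation; the fixed `seccdn` base is the only one of the three that yields an HTTPS avatar URL on both page types.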
