First I got GitHub's IP:

    > nslookup github.com 8.8.8.8
    Server:  dns.google
    Address:  8.8.8.8

    Name:    github.com
    Address:  13.229.188.59

This IP is fine; it belongs to Amazon in Singapore and should be a CDN.
Then I tested the certificate:

    $ openssl s_client -showcerts -servername github.com -connect 13.229.188.59:443
    CONNECTED(00000005)
    depth=1 C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected]
    verify error:num=19:self signed certificate in certificate chain
    ---
    Certificate chain
     0 s:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER, emailAddress = [email protected]
       i:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA, emailAddress = [email protected]
    (omitted…)

It's that weird QQ-number certificate.
Then I tried a Cloudflare IP (GitHub does not use Cloudflare's CDN):

    $ host v2ex.com
    v2ex.com has address 104.20.9.218
    v2ex.com has address 104.20.10.218
    v2ex.com has IPv6 address 2606:4700:10::6814:ada
    v2ex.com has IPv6 address 2606:4700:10::6814:9da

Testing the certificate the same way, with SNI set to github.com, it was not hijacked:

    $ openssl s_client -showcerts -servername github.com -connect 104.20.9.218:443
    CONNECTED(00000005)
    depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
    verify return:1
    depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
    verify return:1
    depth=0 CN = ssl509603.cloudflaressl.com
    verify return:1
    ---
    Certificate chain
     0 s:CN = ssl509603.cloudflaressl.com
       i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
    -----BEGIN CERTIFICATE-----
    (omitted…)

What does everyone think?
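
The comparison made in the post can be scripted over saved `openssl s_client` output. This is an added example, not part of the original post; the function name `summarize_chain` is hypothetical and the two samples are constructed by abridging the runs shown above.

```shell
#!/usr/bin/env bash
# summarize_chain <sni>: read `openssl s_client -showcerts` output on stdin and
# report the verify status plus the leaf certificate's subject and issuer CN.
summarize_chain() {
  awk -v sni="$1" '
    # Pull the CN value out of an s:/i: line ("CN = X" or "CN=X").
    function cn(s) {
      if (!match(s, /CN ?= ?[^,]+/)) return ""
      s = substr(s, RSTART, RLENGTH); sub(/^CN ?= ?/, "", s); return s
    }
    # Keep the first verification error number, e.g. 19 = self-signed in chain.
    /^verify error:num=/ { if (err == "") { split($0, a, /[=:]/); err = a[3] } }
    /^verify return:1/   { ok = 1 }
    # Certificate 0 is the leaf; its issuer is on the following i: line.
    /^ *0 s:/            { leaf = cn($0); want_issuer = 1; next }
    want_issuer && /^ *i:/ { issuer = cn($0); want_issuer = 0 }
    END {
      status = (err != "") ? "error:" err : (ok ? "ok" : "unknown")
      # SANs are not printed in this part of the output, so "no" is only a hint.
      printf "verify=%s\nleaf_cn=%s\nissuer_cn=%s\nleaf_cn_is_sni=%s\n",
             status, leaf, issuer, (leaf == sni ? "yes" : "no")
    }'
}

# Constructed samples, abridged from the two runs in the post.
hijacked='CONNECTED(00000005)
depth=1 C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = SERVER
   i:C = CN, ST = GD, L = SZ, O = COM, OU = NSP, CN = CA'
clean='CONNECTED(00000005)
depth=0 CN = ssl509603.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:CN = ssl509603.cloudflaressl.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2'

printf '%s\n' "$hijacked" | summarize_chain github.com
printf '%s\n' "$clean"    | summarize_chain github.com
```

`s_client` does not check the hostname unless asked to, so `verify=ok` only says the chain leads to a trusted root; the `leaf_cn_is_sni` field is what shows whether the certificate was issued for the name that was requested.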
