Modify

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#16009 closed task (fixed)

Finish update JOSM to https Redirect port 80 to https?

Reported by: stoecker Owned by: team
Priority: normal Milestone:
Component: Core Version:
Keywords: Cc: Klumbumbus, Don-vip

Description

Stats:

Current test file has 1000000 lines (makes stats easy :-):

  • https: 692439
  • http: 307561
    • apt: 73791
    • svn: 44824
    • josm: 5615
    • bots:114034
    • ?: 69297

Means 30% is still http, where 11% (apt+svn+josm) should be https. Only 11% bot traffic is not really wanted and could stay http. Probably half of the last section are viruses, the rest legitimate accesses which probably should be https as well.

Drop HTTPS and redirect to port 443?

Attachments (0)

Change History (14)

comment:1 by Don-vip, 6 years ago

In Main we still have the following:

    /**
     * Returns the JOSM XML URL.
     * @return the josm XML URL
     * @since 6897
     */
    public static String getXMLBase() {
        // Always return HTTP (issues reported with HTTPS)
        return "http://josm.openstreetmap.de";
    }

I don't remember why.

comment:2 by stoecker, 6 years ago

I would leave that. Otherwise we redefine our data format.

We're anyway one of the minority where the XML base is really a valid link. Nearly nobody else does this. It will work also in future, but then with a redirect.

comment:3 by Don-vip, 6 years ago

ok.

comment:4 by Don-vip, 6 years ago

In 13454/josm:

see #16009 - fix last http -> https links

comment:5 by Don-vip, 6 years ago

Otherwise, I'm ok with redirection to https :)

comment:6 by Hb---, 6 years ago

Version 13457 does not show up on Windows 7 64 bit. It gets stuck with the debug line:

FEIN: powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest https://roottest-g2.pkioverheid.nl

No problem on Ubuntu 16.04.3.

comment:7 by stoecker, 6 years ago

Resolution: fixed
Status: newclosed

comment:8 by stoecker, 6 years ago

The XML-URL's stay valid without redirect ;-) Everything perfect...

comment:10 by Don-vip, 6 years ago

Yes I guess this was quite easy for a government to corrupt our Windows installer... Are we "as safe as possible" now?

in reply to:  10 comment:11 by stoecker, 6 years ago

Replying to Don-vip:

Are we "as safe as possible" now?

Not "as possible", but "as sensible". Some possible techniques are bullshit in my eyes and other s which I think more useful aren't really usable yet.

So for the server we could say: Yes.
Other sources: Not yet, but in progress.

comment:12 by stoecker, 6 years ago

We have still more than 900 http entries in the Imagery. I think many of these could actually be https. I wanted to add it to the SyncChecker, but more than 900 is a bit much even if not marked in red ...

comment:13 by stoecker, 6 years ago

Status after the major rework last weeks:

  • 164 domains use http instead of https
  • 375 link use http
  • One domain (ge.ch) used http and https, but the https link is broken for the specified http URL

i.e. more than half of the 900 links are fixed now.

Command to print remaining domains:

perl -ne 'print "$2 [$1]\n" if /http(s?):\/\/(.*?)\//;' imagery_josm.imagery.xml |sort -u |perl -ne '/(.*) \[(s?)\]/; print "$1\n" if $a ne $1 && !$2; print "$1 BOTH\n" if $a eq $1; $a = $1;'

comment:14 by stoecker, 6 years ago

See #16123 for special imagery https ticket.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.