Modify

Opened 12 months ago

Closed 12 months ago

Last modified 11 months ago

#16009 closed task (fixed)

Finish update JOSM to https Redirect port 80 to https?

Reported by: stoecker Owned by: team
Priority: normal Milestone:
Component: Core Version:
Keywords: Cc: Klumbumbus, Don-vip

Description

Stats:

Current test file has 1000000 lines (makes stats easy :-):

  • https: 692439
  • http: 307561
    • apt: 73791
    • svn: 44824
    • josm: 5615
    • bots:114034
    • ?: 69297

Means 30% is still http, where 11% (apt+svn+josm) should be https. Only 11% bot traffic is not really wanted and could stay http. Probably half of the last section are viruses, the rest legitimate accesses which probably should be https as well.

Drop HTTPS and redirect to port 443?

Attachments (0)

Change History (14)

comment:1 Changed 12 months ago by Don-vip

In Main we still have the following:

    /**
     * Returns the JOSM XML URL.
     * @return the josm XML URL
     * @since 6897
     */
    public static String getXMLBase() {
        // Always return HTTP (issues reported with HTTPS)
        return "http://josm.openstreetmap.de";
    }

I don't remember why.

comment:2 Changed 12 months ago by stoecker

I would leave that. Otherwise we redefine our data format.

We're anyway one of the minority where the XML base is really a valid link. Nearly nobody else does this. It will work also in future, but then with a redirect.

comment:3 Changed 12 months ago by Don-vip

ok.

comment:4 Changed 12 months ago by Don-vip

In 13454/josm:

see #16009 - fix last http -> https links

comment:5 Changed 12 months ago by Don-vip

Otherwise, I'm ok with redirection to https :)

comment:6 Changed 12 months ago by Hb---

Version 13457 does not show up on Windows 7 64 bit. It gets stuck with the debug line:

FEIN: powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest https://roottest-g2.pkioverheid.nl

No problem on Ubuntu 16.04.3.

comment:7 Changed 12 months ago by stoecker

Resolution: fixed
Status: newclosed

comment:8 Changed 12 months ago by stoecker

The XML-URL's stay valid without redirect ;-) Everything perfect...

comment:9 Changed 11 months ago by stoecker

comment:10 Changed 11 months ago by Don-vip

Yes I guess this was quite easy for a government to corrupt our Windows installer... Are we "as safe as possible" now?

comment:11 in reply to:  10 Changed 11 months ago by stoecker

Replying to Don-vip:

Are we "as safe as possible" now?

Not "as possible", but "as sensible". Some possible techniques are bullshit in my eyes and other s which I think more useful aren't really usable yet.

So for the server we could say: Yes.
Other sources: Not yet, but in progress.

comment:12 Changed 11 months ago by stoecker

We have still more than 900 http entries in the Imagery. I think many of these could actually be https. I wanted to add it to the SyncChecker, but more than 900 is a bit much even if not marked in red ...

comment:13 Changed 11 months ago by stoecker

Status after the major rework last weeks:

  • 164 domains use http instead of https
  • 375 link use http
  • One domain (ge.ch) used http and https, but the https link is broken for the specified http URL

i.e. more than half of the 900 links are fixed now.

Command to print remaining domains:

perl -ne 'print "$2 [$1]\n" if /http(s?):\/\/(.*?)\//;' imagery_josm.imagery.xml |sort -u |perl -ne '/(.*) \[(s?)\]/; print "$1\n" if $a ne $1 && !$2; print "$1 BOTH\n" if $a eq $1; $a = $1;'

comment:14 Changed 11 months ago by stoecker

See #16123 for special imagery https ticket.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.