Commits for galt

5050bac019113baa2063ead726f78d5ae38af5f2 Thu Jun 1 00:51:16 2023 -0700

Updating the whitelist after doing a full re-scan of all the error_log data available under /hive/data/inside/wwwstats/. Thanks to Lou for helping check for missing data.
- src/lib/https.c - lines changed 134, context: html, text, full: html, text

e5fb628e596f737787c714b5b7cc74128a48daa2 Thu Jun 1 13:42:16 2023 -0700

Removing domains that do not need to be on the https whitelist because a scan shows they work just fine. 137 removed leaving just 153.
- src/lib/https.c - lines changed 137, context: html, text, full: html, text

7bc669f46f2444b07b01749af60c9de0b5808f2a Fri Jun 2 11:57:37 2023 -0700

openssl s_client will not work right unless both the -trusted_first and -servername are provided.
- src/hg/htdocs/goldenPath/help/hgTrackHubHelp.html - lines changed 1, context: html, text, full: html, text

9cac0646b62ac2cc4cfa2e0b8bd363370a5cd2d2 Fri Jun 2 13:29:03 2023 -0700

Removing domains from the whitelist where the site no longer exists.
- src/lib/https.c - lines changed 7, context: html, text, full: html, text

233372100fe94b4265cc557eb80b17aef2f7720a Sat Jun 3 17:38:52 2023 -0700

openssl does not verify host name by default, so we need to set a flag and pass the host name. This also means that urls with IP addresses instead of hostname will now give an error, but the whitelist can now just have IP addresses and it all works out. I double checked the history and there never more than 2 IP addresses in the whitelist, and these have been restored from those and also the recent full logs scan. We can watch the logs for any new IP addresses, but not expecting much to turn up. Also LetsEncrypt and other providers do not allow the IP address in the cert.
- src/lib/https.c - lines changed 25, context: html, text, full: html, text