rmoriz/gist:fb2b0a6a0ce10550ab73 Secret

## gistfile1.txt
10.9
====

➜  ~  curl --version
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz

➜  ~  ls -la /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt
-rw-r--r--  1 rmoriz  wheel  251339 19 Jan  2013 /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

➜  ~  curl -s https://213.133.107.227/ --cacert /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt  --head
HTTP/1.1 200 OK
Date: Thu, 28 Nov 2013 17:53:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.27
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: exp_last_visit=1070301189; expires=Fri, 28-Nov-2014 17:53:09 GMT; path=/
Set-Cookie: exp_last_activity=1385661189; expires=Fri, 28-Nov-2014 17:53:09 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Last-Modified: Thu, 28 Nov 2013 17:53:09 GMT
Content-Type: text/html; charset=UTF-8

➜  ~  curl -s https://213.133.107.227/ --head
HTTP/1.1 200 OK
Date: Thu, 28 Nov 2013 17:58:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.27
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: exp_last_visit=1070301520; expires=Fri, 28-Nov-2014 17:58:40 GMT; path=/
Set-Cookie: exp_last_activity=1385661520; expires=Fri, 28-Nov-2014 17:58:40 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Last-Modified: Thu, 28 Nov 2013 17:58:40 GMT
Content-Type: text/html; charset=UTF-8


Ubuntu 12.04 LTS
================
# curl --version
curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

# curl https://213.133.107.227/
curl: (51) SSL: certificate subject name '*.hetzner.de' does not match target host name '213.133.107.227'


Ubuntu 13.10
================
# curl --version
curl 7.33.0 (x86_64-pc-linux-gnu) libcurl/7.33.0 OpenSSL/1.0.1e zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

# curl https://213.133.107.227/
curl: (51) SSL: certificate subject name '*.hetzner.de' does not match target host name '213.133.107.227'

## gistfile2.txt
OSX 10.9
========

# SETUP

➜  ~  curl -V
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz

➜  ~  host moriz.de
moriz.de has address 5.9.220.66
moriz.de has IPv6 address 2a01:4f8:160:5ffb:66::1
moriz.de mail is handled by 10 mail.moriz.net.


# AS EXPECTED…

➜  ~  curl --head https://moriz.de/ -vvvvv
* Adding handle: conn: 0x7f967280c000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f967280c000) send_pipe: 1, recv_pipe: 0
* About to connect() to moriz.de port 443 (#0)
*   Trying 5.9.220.66...
* Connected to moriz.de (5.9.220.66) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: www.moriz.de (s04Lh1lTfzthqsjt)
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: moriz.de
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
* Server nginx/1.4.4 is not blacklisted
< Server: nginx/1.4.4
Server: nginx/1.4.4
< Date: Thu, 28 Nov 2013 18:14:28 GMT
Date: Thu, 28 Nov 2013 18:14:28 GMT
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Content-Length: 4386
Content-Length: 4386
< Connection: keep-alive
Connection: keep-alive
< Status: 200 OK
Status: 200 OK
< Cache-Control: max-age=43200, public
Cache-Control: max-age=43200, public
< X-UA-Compatible: IE=Edge,chrome=1
X-UA-Compatible: IE=Edge,chrome=1
< ETag: "e178715e47e8b2465f97ef17ccf49135"
ETag: "e178715e47e8b2465f97ef17ccf49135"
< X-Request-Id: d7978b32435d2c90cf87089d821b5178
X-Request-Id: d7978b32435d2c90cf87089d821b5178
< X-Runtime: 0.040031
X-Runtime: 0.040031
< X-Content-Digest: f67f461a51263e4d40f19d6058b12c6444d51a49
X-Content-Digest: f67f461a51263e4d40f19d6058b12c6444d51a49
< Age: 23288
Age: 23288
< X-Rack-Cache: fresh
X-Rack-Cache: fresh

<
* Connection #0 to host moriz.de left intact


# NOT AS EXPECTED… CERT is not valid for IP 5.9.220.66…
#

➜  ~  curl --head https://5.9.220.66/ -vvvvv
* About to connect() to 5.9.220.66 port 443 (#0)
*   Trying 5.9.220.66...
* Adding handle: conn: 0x7fadc900aa00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fadc900aa00) send_pipe: 1, recv_pipe: 0
* Connected to 5.9.220.66 (5.9.220.66) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: www.moriz.de (s04Lh1lTfzthqsjt)
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: 5.9.220.66
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
* Server nginx/1.4.4 is not blacklisted
< Server: nginx/1.4.4
Server: nginx/1.4.4
< Date: Thu, 28 Nov 2013 18:14:38 GMT
Date: Thu, 28 Nov 2013 18:14:38 GMT
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Connection: keep-alive
Connection: keep-alive
< Status: 200 OK
Status: 200 OK
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-UA-Compatible: chrome=1
X-UA-Compatible: chrome=1
< X-XHR-Current-Location: /
X-XHR-Current-Location: /
< ETag: "f6a7b19f401af748c990f34d26508d69"
ETag: "f6a7b19f401af748c990f34d26508d69"
< Cache-Control: max-age=0, private, must-revalidate
Cache-Control: max-age=0, private, must-revalidate
< Set-Cookie: request_method=GET; path=/
Set-Cookie: request_method=GET; path=/
< Set-Cookie: _domio_session=WThtRSs5TEVwUVZoc3UxR0htYmRTbEg3c1MyK1NyUzFXa0N1L1ZPc3ZtRGFIS0tiUXhLVm55S2dGcksxRWd3VmJiSUVhUitEYVVvZjFHU2lMMFVzWGh5VjAwQml4bnBGNDRUdUVPYmpTM2sxbE8rRUlqR0RsQVFIZ0lTcG5mbmFENzU2RVh1RW90amZBNzFvcmVZTGJMSUJNTEdidG5neUhFeVdsNlYyR2ZxRlRXUVZZNWFwUDlTejNBUnc5ak52LS1sTzNIVnFtcVg3TGxscllRQkkrb0tnPT0%3D--808a5f077abcca9bf5ac0bf0798529fc61c9613c; path=/; HttpOnly
Set-Cookie: _domio_session=WThtRSs5TEVwUVZoc3UxR0htYmRTbEg3c1MyK1NyUzFXa0N1L1ZPc3ZtRGFIS0tiUXhLVm55S2dGcksxRWd3VmJiSUVhUitEYVVvZjFHU2lMMFVzWGh5VjAwQml4bnBGNDRUdUVPYmpTM2sxbE8rRUlqR0RsQVFIZ0lTcG5mbmFENzU2RVh1RW90amZBNzFvcmVZTGJMSUJNTEdidG5neUhFeVdsNlYyR2ZxRlRXUVZZNWFwUDlTejNBUnc5ak52LS1sTzNIVnFtcVg3TGxscllRQkkrb0tnPT0%3D--808a5f077abcca9bf5ac0bf0798529fc61c9613c; path=/; HttpOnly
< X-Request-Id: dbc25387-2847-46eb-a597-0fa38410fbbe
X-Request-Id: dbc25387-2847-46eb-a597-0fa38410fbbe
< X-Runtime: 0.010834
X-Runtime: 0.010834
< X-Rack-Cache: miss
X-Rack-Cache: miss

<
* Connection #0 to host 5.9.220.66 left intact
	10.9
	====

	➜ ~ curl --version
	curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
	Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
	Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz

	➜ ~ ls -la /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt
	-rw-r--r-- 1 rmoriz wheel 251339 19 Jan 2013 /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

	➜ ~ curl -s https://213.133.107.227/ --cacert /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt --head
	HTTP/1.1 200 OK
	Date: Thu, 28 Nov 2013 17:53:09 GMT
	Server: Apache
	X-Powered-By: PHP/5.3.27
	Expires: Mon, 26 Jul 1997 05:00:00 GMT
	Pragma: no-cache
	Set-Cookie: exp_last_visit=1070301189; expires=Fri, 28-Nov-2014 17:53:09 GMT; path=/
	Set-Cookie: exp_last_activity=1385661189; expires=Fri, 28-Nov-2014 17:53:09 GMT; path=/
	Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
	Last-Modified: Thu, 28 Nov 2013 17:53:09 GMT
	Content-Type: text/html; charset=UTF-8

	➜ ~ curl -s https://213.133.107.227/ --head
	HTTP/1.1 200 OK
	Date: Thu, 28 Nov 2013 17:58:40 GMT
	Server: Apache
	X-Powered-By: PHP/5.3.27
	Expires: Mon, 26 Jul 1997 05:00:00 GMT
	Pragma: no-cache
	Set-Cookie: exp_last_visit=1070301520; expires=Fri, 28-Nov-2014 17:58:40 GMT; path=/
	Set-Cookie: exp_last_activity=1385661520; expires=Fri, 28-Nov-2014 17:58:40 GMT; path=/
	Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
	Last-Modified: Thu, 28 Nov 2013 17:58:40 GMT
	Content-Type: text/html; charset=UTF-8


	Ubuntu 12.04 LTS
	================
	# curl --version
	curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
	Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp smtp smtps telnet tftp
	Features: GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

	# curl https://213.133.107.227/
	curl: (51) SSL: certificate subject name '*.hetzner.de' does not match target host name '213.133.107.227'


	Ubuntu 13.10
	================
	# curl --version
	curl 7.33.0 (x86_64-pc-linux-gnu) libcurl/7.33.0 OpenSSL/1.0.1e zlib/1.2.8 libidn/1.28 librtmp/2.3
	Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
	Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

	# curl https://213.133.107.227/
	curl: (51) SSL: certificate subject name '*.hetzner.de' does not match target host name '213.133.107.227'
	OSX 10.9
	========

	# SETUP

	➜ ~ curl -V
	curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
	Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
	Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz

	➜ ~ host moriz.de
	moriz.de has address 5.9.220.66
	moriz.de has IPv6 address 2a01:4f8:160:5ffb:66::1
	moriz.de mail is handled by 10 mail.moriz.net.



	# AS EXPECTED…

	➜ ~ curl --head https://moriz.de/ -vvvvv
	* Adding handle: conn: 0x7f967280c000
	* Adding handle: send: 0
	* Adding handle: recv: 0
	* Curl_addHandleToPipeline: length: 1
	* - Conn 0 (0x7f967280c000) send_pipe: 1, recv_pipe: 0
	* About to connect() to moriz.de port 443 (#0)
	* Trying 5.9.220.66...
	* Connected to moriz.de (5.9.220.66) port 443 (#0)
	* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
	* Server certificate: www.moriz.de (s04Lh1lTfzthqsjt)
	* Server certificate: StartCom Class 1 Primary Intermediate Server CA
	* Server certificate: StartCom Certification Authority
	> HEAD / HTTP/1.1
	> User-Agent: curl/7.30.0
	> Host: moriz.de
	> Accept: /
	>
	< HTTP/1.1 200 OK
	HTTP/1.1 200 OK
	* Server nginx/1.4.4 is not blacklisted
	< Server: nginx/1.4.4
	Server: nginx/1.4.4
	< Date: Thu, 28 Nov 2013 18:14:28 GMT
	Date: Thu, 28 Nov 2013 18:14:28 GMT
	< Content-Type: text/html; charset=utf-8
	Content-Type: text/html; charset=utf-8
	< Content-Length: 4386
	Content-Length: 4386
	< Connection: keep-alive
	Connection: keep-alive
	< Status: 200 OK
	Status: 200 OK
	< Cache-Control: max-age=43200, public
	Cache-Control: max-age=43200, public
	< X-UA-Compatible: IE=Edge,chrome=1
	X-UA-Compatible: IE=Edge,chrome=1
	< ETag: "e178715e47e8b2465f97ef17ccf49135"
	ETag: "e178715e47e8b2465f97ef17ccf49135"
	< X-Request-Id: d7978b32435d2c90cf87089d821b5178
	X-Request-Id: d7978b32435d2c90cf87089d821b5178
	< X-Runtime: 0.040031
	X-Runtime: 0.040031
	< X-Content-Digest: f67f461a51263e4d40f19d6058b12c6444d51a49
	X-Content-Digest: f67f461a51263e4d40f19d6058b12c6444d51a49
	< Age: 23288
	Age: 23288
	< X-Rack-Cache: fresh
	X-Rack-Cache: fresh

	<
	* Connection #0 to host moriz.de left intact





	# NOT AS EXPECTED… CERT is not valid for IP 5.9.220.66…
	#

	➜ ~ curl --head https://5.9.220.66/ -vvvvv
	* About to connect() to 5.9.220.66 port 443 (#0)
	* Trying 5.9.220.66...
	* Adding handle: conn: 0x7fadc900aa00
	* Adding handle: send: 0
	* Adding handle: recv: 0
	* Curl_addHandleToPipeline: length: 1
	* - Conn 0 (0x7fadc900aa00) send_pipe: 1, recv_pipe: 0
	* Connected to 5.9.220.66 (5.9.220.66) port 443 (#0)
	* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
	* Server certificate: www.moriz.de (s04Lh1lTfzthqsjt)
	* Server certificate: StartCom Class 1 Primary Intermediate Server CA
	* Server certificate: StartCom Certification Authority
	> HEAD / HTTP/1.1
	> User-Agent: curl/7.30.0
	> Host: 5.9.220.66
	> Accept: /
	>
	< HTTP/1.1 200 OK
	HTTP/1.1 200 OK
	* Server nginx/1.4.4 is not blacklisted
	< Server: nginx/1.4.4
	Server: nginx/1.4.4
	< Date: Thu, 28 Nov 2013 18:14:38 GMT
	Date: Thu, 28 Nov 2013 18:14:38 GMT
	< Content-Type: text/html; charset=utf-8
	Content-Type: text/html; charset=utf-8
	< Connection: keep-alive
	Connection: keep-alive
	< Status: 200 OK
	Status: 200 OK
	< X-Frame-Options: SAMEORIGIN
	X-Frame-Options: SAMEORIGIN
	< X-XSS-Protection: 1; mode=block
	X-XSS-Protection: 1; mode=block
	< X-Content-Type-Options: nosniff
	X-Content-Type-Options: nosniff
	< X-UA-Compatible: chrome=1
	X-UA-Compatible: chrome=1
	< X-XHR-Current-Location: /
	X-XHR-Current-Location: /
	< ETag: "f6a7b19f401af748c990f34d26508d69"
	ETag: "f6a7b19f401af748c990f34d26508d69"
	< Cache-Control: max-age=0, private, must-revalidate
	Cache-Control: max-age=0, private, must-revalidate
	< Set-Cookie: request_method=GET; path=/
	Set-Cookie: request_method=GET; path=/
	< Set-Cookie: _domio_session=WThtRSs5TEVwUVZoc3UxR0htYmRTbEg3c1MyK1NyUzFXa0N1L1ZPc3ZtRGFIS0tiUXhLVm55S2dGcksxRWd3VmJiSUVhUitEYVVvZjFHU2lMMFVzWGh5VjAwQml4bnBGNDRUdUVPYmpTM2sxbE8rRUlqR0RsQVFIZ0lTcG5mbmFENzU2RVh1RW90amZBNzFvcmVZTGJMSUJNTEdidG5neUhFeVdsNlYyR2ZxRlRXUVZZNWFwUDlTejNBUnc5ak52LS1sTzNIVnFtcVg3TGxscllRQkkrb0tnPT0%3D--808a5f077abcca9bf5ac0bf0798529fc61c9613c; path=/; HttpOnly
	Set-Cookie: _domio_session=WThtRSs5TEVwUVZoc3UxR0htYmRTbEg3c1MyK1NyUzFXa0N1L1ZPc3ZtRGFIS0tiUXhLVm55S2dGcksxRWd3VmJiSUVhUitEYVVvZjFHU2lMMFVzWGh5VjAwQml4bnBGNDRUdUVPYmpTM2sxbE8rRUlqR0RsQVFIZ0lTcG5mbmFENzU2RVh1RW90amZBNzFvcmVZTGJMSUJNTEdidG5neUhFeVdsNlYyR2ZxRlRXUVZZNWFwUDlTejNBUnc5ak52LS1sTzNIVnFtcVg3TGxscllRQkkrb0tnPT0%3D--808a5f077abcca9bf5ac0bf0798529fc61c9613c; path=/; HttpOnly
	< X-Request-Id: dbc25387-2847-46eb-a597-0fa38410fbbe
	X-Request-Id: dbc25387-2847-46eb-a597-0fa38410fbbe
	< X-Runtime: 0.010834
	X-Runtime: 0.010834
	< X-Rack-Cache: miss
	X-Rack-Cache: miss

	<
	* Connection #0 to host 5.9.220.66 left intact