On Mon, Dec 12, 2011 at 11:45:20AM -0800, David Brown wrote: >USING: kernel http.client urls.secure ; >IN: test-vocab > >"https://ipv4.tunnelbroker.net"; http-get > >throws a Common name verification failed exception with > > expected: "ipv4.tunnelbroker.net" > got: "tunnelbroker.net" > >Firefox, openssl s_client, gnutls-cli all seem happy with this >situation. I wonder if something about ssl CN validation has changed.
It turns out that x509v3 has an extra field for subject alternate name, and https requires that the check use that if present. I'll look into seeing if I can figure out how to add this to the openssl code. Thanks, David ------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ Factor-talk mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/factor-talk
