USING: kernel http.client urls.secure ;
IN: test-vocab

"https://ipv4.tunnelbroker.net" http-get

throws a Common name verification failed exception with

   expected: "ipv4.tunnelbroker.net"
   got:      "tunnelbroker.net"

Firefox, openssl s_client, gnutls-cli all seem happy with this
situation.  I wonder if something about ssl CN validation has changed.

Is there any way to bypass this check (even possibly for this specific
case) short of just editing openssl.factor and changing the test?

If anyone has pointers on what the rules are supposed to be, I could
also take a shot at updating the code.

Below is the output of gnutls-cli, which also claims that this should
match:

Thanks,
David

Resolving 'ipv4.tunnelbroker.net'...
Connecting to '64.62.200.2:443'...
- Ephemeral Diffie-Hellman parameters
  - Using prime: 1024 bits
  - Secret key: 1021 bits
  - Peer's public key: 1024 bits
- Certificate type: X.509
  - Got a certificate list of 4 certificates.
  - Certificate[0] info:
   - subject `O=tunnelbroker.net,OU=Domain Control 
Validated,CN=tunnelbroker.net', issuer 
`C=US,ST=Arizona,L=Scottsdale,O=Starfield Technologies\, 
Inc.,OU=http://certificates.starfieldtech.com/repository,CN=Starfield Secure 
Certification Authority,serialNumber=10688435', RSA key 2048 bits, signed using 
RSA-SHA1, activated `2011-11-05 00:44:14 UTC', expires `2016-11-04 21:10:42 
UTC', SHA-1 fingerprint `996169ba982488f5212f03f3ae91f628ee21481a'
  - Certificate[1] info:
   - subject `C=US,ST=Arizona,L=Scottsdale,O=Starfield Technologies\, 
Inc.,OU=http://certificates.starfieldtech.com/repository,CN=Starfield Secure 
Certification Authority,serialNumber=10688435', issuer `C=US,O=Starfield 
Technologies\, Inc.,OU=Starfield Class 2 Certification Authority', RSA key 2048 
bits, signed using RSA-SHA1, activated `2006-11-16 01:15:40 UTC', expires 
`2026-11-16 01:15:40 UTC', SHA-1 fingerprint 
`7e1874a98faa5d6d2f506a8920ff22fbd16652d9'
  - Certificate[2] info:
   - subject `C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 
Certification Authority', issuer `L=ValiCert Validation Network,O=ValiCert\, 
Inc.,OU=ValiCert Class 2 Policy Validation 
Authority,CN=http://www.valicert.com/,[email protected]', RSA key 2048 
bits, signed using RSA-SHA1, activated `2004-06-29 17:39:16 UTC', expires 
`2024-06-29 17:39:16 UTC', SHA-1 fingerprint 
`363e4734f757bdeb89868efe94907774a327695e'
  - Certificate[3] info:
   - subject `L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 
2 Policy Validation 
Authority,CN=http://www.valicert.com/,[email protected]', issuer 
`L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy 
Validation Authority,CN=http://www.valicert.com/,[email protected]', RSA 
key 1024 bits, signed using RSA-SHA1, activated `1999-06-26 00:19:54 UTC', 
expires `2019-06-26 00:19:54 UTC', SHA-1 fingerprint 
`317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca6'
- The hostname in the certificate matches 'ipv4.tunnelbroker.net'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

_______________________________________________
Factor-talk mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/factor-talk
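
The matching rules the post asks about, as an added example that is not part of the original message and not Factor's `openssl.factor` code: under RFC 6125 a client compares the requested host against the certificate's subjectAltName dNSName entries and consults the subject CN only when the certificate carries no dNSName at all. The SAN list below is an assumption (the gnutls-cli output in the post does not print it), the function names are hypothetical, and IP-address and internationalized names are not handled.

```python
def dns_name_matches(pattern, hostname):
    """Compare one certificate name (dNSName or CN) with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard never spans more than one label
    if "*" in "".join(p[1:]):
        return False  # wildcard allowed in the left-most label only
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.net" (simple heuristic).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards ("ip*") are rejected in this sketch
    return p == h


def verify_hostname(hostname, common_name, san_dns_names):
    """Return (ok, source). SAN dNSName entries take precedence over the CN."""
    if san_dns_names:
        ok = any(dns_name_matches(n, hostname) for n in san_dns_names)
        return ok, "subjectAltName"
    return dns_name_matches(common_name, hostname), "commonName"


def cn_only_check(hostname, common_name):
    """Strict CN comparison, the kind of check that yields the error in the post."""
    return hostname.lower() == common_name.lower()


# Constructed inputs: the CN is the one shown in the post; the SAN list is an
# assumption made for illustration, not data taken from the real certificate.
SAMPLE_CN = "tunnelbroker.net"
SAMPLE_SANS = ["tunnelbroker.net", "*.tunnelbroker.net"]

if __name__ == "__main__":
    host = "ipv4.tunnelbroker.net"
    print("CN only      :", cn_only_check(host, SAMPLE_CN))
    print("SAN, then CN :", verify_hostname(host, SAMPLE_CN, SAMPLE_SANS))
    print("no SAN at all:", verify_hostname(host, SAMPLE_CN, []))
```

A certificate with any dNSName entry is judged on those entries alone, so a matching CN does not rescue a SAN list that lacks the host.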