Le 01/06/2012 15:52, Marco Gaiarin a écrit :
This is an hostname mismatch issue: the URL uses
'helpdesk.ct.lnf.it' whereas the certificate is only valid for
'meti.ct.lnf.it'. Only --no-ssl-check will help there, certification
authority is not in cause.
But i use 'subject alt name' as '*.ct.lnf.it', and i've had no trouble
at all with browsers and other tool to verify certificates, and event
the windows version of the client connect with no trouble at all.
The log say:
'/C=IT/ST=Salerno/L=Cava De' Tirreni/O=Associazione La Nostra
Famiglia/OU=Cava De' Tirreni/CN=meti.ct.lnf.it' !~
//CN=(helpdesk|\*)\.ct\.lnf\.it($|\/)/`
But the regexp seems to me wrong, better:
/\/CN=(helpdesk|\*)\.ct\.lnf\.it($|\/)/
and this way will match...
Old LWP 5.x doesn't allow to use underlying SSL implementation code to
check certificate, and only allows to use a perl regexp to match against
certificate name: poor man abstraction layer...
In order to use a full-featured SSL certificate checking, you have to
switch to agent 2.2.x, use IO::Socket::SSL instead of
Net::Crypt::SSLeay, and upgrade LWP to 6.x.
The windows agent (actually, the windows distribution of the very same
agent) ships with those versions, hence the different result.
--
The greater the importance of decisions to be made, the larger must be
the committee assigned to make them
-- Murphy's In Laws n°14
_______________________________________________
Fusioninventory-user mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-user
