On 08/28/2010 07:34 PM, Carson Hewitt wrote: > Hello, > > I was trying to open an audio stream over https using VLC (1.1.3), which > bundles > gnutls. > > The CA chain verification is fine. Then we get: > > gnutls error: Certificate does not match "foo.bar.example.com" > Indeed, the common name of the server certificate is "*.example.com", which > does > not match our hostname because of the dot in foo.bar (I don't know if this > behaviour is specified by the protocols implemented by gnutls, or if it's up > to > the implementation). > Is there a way to convince gnutls to trust the certificate even if it does not > match the hostname ?
gnutls name verification functions follow RFC2818 that explicitly says that *.example.com should not match foo.bar.example.com. However using the RFC2818 name checking is up to the application using gnutls. Just tell your application not to check the name on the certificate. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
