On Mon, Jul 21, 2014 at 09:06:49AM +0200, Oswald Buddenhagen wrote: > On Sat, Jul 19, 2014 at 08:03:53PM +0200, Mark Pustjens wrote: > > According to the manual on the option CertificateFile: > > ``Directly matched peer certificates are always trusted, regardless of > > validity.'' > > > > However, I still get the error ``certificate owner does not match > > hostname''. The error is right in that the domain of the certificate does > > not match the Host domain in the configuration. It is wrong in that > > according to the manual, this check should have passed. > > > > The attached patch adds an option CertificateDomain, which is used to > > match against the certificate. Given the manual, this might not be > > intended. > > > > What is the intended behaviour, and what would be the preferred way to > > solve it? > > > i need to research this myself. thanks for the report. > mbsync should skip the subject verification. and it actually tries to do that: socket.c:161 i have no clue what went wrong. try openssl s_client -verbose [...]
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
