On Thu, Nov 8, 2012 at 10:34 AM, Ben Noordhuis <[email protected]> wrote:
> On Thu, Nov 8, 2012 at 6:28 PM, Shawn Parrish <[email protected]> wrote:
>> We thought that might be the case but the checks work fine in 0.4.12,
>> are seen as valid by all major browsers as well as curl, like you
>> said.  Some Thawte certs which I believe are valid are also failing
>> with this error message.
>>
>> I'm pretty sure the error is incorrect as the hostname matches.
>>
>> Any other ideas?
>>
>> Thanks,
>> Shawn
>
> I wouldn't put too much weight on what 0.4.x does, its SSL/TLS
> implementation is horribly flawed.  If you have examples of sites that
> you believe should validate, please open an issue and I'll look into
> it.
>
> --
> Job Board: http://jobs.nodejs.org/
> Posting guidelines: 
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> You received this message because you are subscribed to the Google
> Groups "nodejs" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/nodejs?hl=en?hl=en

Looks like these certs don't have a subjectaltname element like most
wildcard certs do.
lib.js assumes wildcard certs will have subjectaltname and doesn't
check the deprecated subject.CN for wildcard match on lines 163 and
166.

I'll submit an issue, just wanted to document it here as well.
I can send a pull request as well if you'd like.

Thanks,
Shawn
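
The case described in this message, a wildcard name carried only in subject.CN with no subjectaltname, can be exercised with a matcher like the one below. This is an added example, not code from Node's source or from the thread: the function names and sample certificates are constructed, and the certificate object shape (`subject.CN`, `subjectaltname`) is the one `getPeerCertificate()` returns.

```javascript
'use strict';

// Match one certificate name pattern against a hostname. A '*' is honoured
// only as the complete leftmost label and stands for exactly one label.
function matchesPattern(pattern, host) {
  const p = pattern.toLowerCase().replace(/\.$/, '').split('.');
  const h = host.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length || h.some((label) => label === '')) return false;
  return p.every((label, i) => {
    if (i === 0 && label === '*') return p.length >= 3; // reject "*.com"
    return label !== '' && !label.includes('*') && label === h[i];
  });
}

// Pull the DNS entries out of the string form Node exposes, for example
// "DNS:example.com, DNS:*.example.com, IP Address:192.0.2.1".
function dnsAltNames(cert) {
  return String(cert.subjectaltname || '')
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.startsWith('DNS:'))
    .map((s) => s.slice(4));
}

// RFC 2818 order: dNSName entries win when present; subject.CN is consulted
// only when there are none, and gets the same wildcard handling.
function hostMatchesCert(host, cert) {
  const sans = dnsAltNames(cert);
  const cns = [].concat((cert.subject && cert.subject.CN) || [])
    .filter((n) => typeof n === 'string');
  const candidates = sans.length > 0 ? sans : cns;
  return candidates.some((name) => matchesPattern(name, host));
}

// Constructed certificates (not taken from the thread).
const cnOnlyWildcard = { subject: { CN: '*.example.com' } };
const sanCert = {
  subject: { CN: 'legacy.example.net' },
  subjectaltname: 'DNS:www.example.com, IP Address:192.0.2.1',
};

console.log(hostMatchesCert('www.example.com', cnOnlyWildcard)); // true
console.log(hostMatchesCert('example.com', cnOnlyWildcard));     // false
console.log(hostMatchesCert('legacy.example.net', sanCert));     // false
```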
