Hello, I experienced the test failure reported at <https://lists.gnu.org/archive/html/bug-wget/2017-06/msg00009.html> for ‘testenv/Test--https.py’ and related tests with:
The certificate's owner does not match hostname There’s no problem when wget is built against GnuTLS 3.5.9; the test failure shows up when wget is built against GnuTLS 3.5.13. After digging a bit, I found this change in GnuTLS 3.5.12 ‘NEWS’: --8<---------------cut here---------------start------------->8--- ** libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses against DNS fields of certificate (CN or DNSname). The previous behavior was to tolerate some misconfigured servers, but that was non-standard and skipped any IP constraints present in higher level certificates. --8<---------------cut here---------------end--------------->8--- I think the fix is (1) to explicitly regenerate test certificates that use “localhost” as their ‘DNSname’ (when replying to certtool’s “Enter a dnsName of the subject of the certificate”), and (2) to use “localhost” instead of “127.0.0.1” in test URIs. Thoughts? Ludo’.
