5 Dec
2016
5 Dec
'16
10:40 p.m.
On Mon, 5 Dec 2016, Aki Tuomi wrote:
wget complained about
ERROR: certificate common name
wiki.dovecot.org' doesn't match requested host namedovecot.org'.Despite what wget says the cert does have subject alternate name correctly specified.
Ah, you're right, "wget" lied to me
$ openssl s_client -connect dovecot.org:443 </dev/null 2>&1 | openssl x509 -noout -text | grep DNS:
DNS:dovecot.org, DNS:hg.dovecot.org, DNS:imapwiki.org, DNS:master.wiki.dovecot.org, DNS:master.wiki1.dovecot.org, DNS:master.wiki2.dovecot.org, DNS:pigeonhole.dovecot.nl, DNS:pigeonhole.dovecot.org, DNS:wiki.dovecot.org, DNS:wiki1.dovecot.org, DNS:wiki2.dovecot.org, DNS:www.dovecot.org, DNS:www.imapwiki.orgTry adding cacert dir or file option. I recall wget being "helpful" and reporting this for all cert errors if primary CN and requested name disagree.
The CN is supposed to be ignored in the presence of SANs. Looks like I need to update wget
https://bugzilla.redhat.com/show_bug.cgi?id=903756Thanks for setting me straight.
Joseph Tam jtam.home@gmail.com