v2.2.27 released
Joseph Tam
jtam.home at gmail.com
Mon Dec 5 20:40:18 UTC 2016
On Mon, 5 Dec 2016, Aki Tuomi wrote:
>>
>> wget complained about
>>
>> ERROR: certificate common name `wiki.dovecot.org' doesn't match requested host name `dovecot.org'.
>>
>
> Despite what wget says the cert does have subject alternate name correctly specified.
Ah, you're right, "wget" lied to me
$ openssl s_client -connect dovecot.org:443 </dev/null 2>&1 | openssl x509 -noout -text | grep DNS:
DNS:dovecot.org, DNS:hg.dovecot.org, DNS:imapwiki.org, DNS:master.wiki.dovecot.org, DNS:master.wiki1.dovecot.org, DNS:master.wiki2.dovecot.org, DNS:pigeonhole.dovecot.nl, DNS:pigeonhole.dovecot.org, DNS:wiki.dovecot.org, DNS:wiki1.dovecot.org, DNS:wiki2.dovecot.org, DNS:www.dovecot.org, DNS:www.imapwiki.org
> Try adding cacert dir or file option. I recall wget being "helpful"
> and reporting this for all cert errors if primary CN and requested name
> disagree.
The CN is supposed to be ignored in the presence of SANs. Looks like
I need to update wget
https://bugzilla.redhat.com/show_bug.cgi?id=903756
Thanks for setting me straight.
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list