lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] SSL Certificate; www.domain.example vs. domain.example

From: Thorsten Glaser
Subject: Re: [Lynx-dev] SSL Certificate; www.domain.example vs. domain.example
Date: Thu, 15 Jan 2009 18:54:51 +0000 (UTC) 
Jori Mantysalo dixit:

> When you go to https://www.eroakirkosta.fi with Lynx you get
>
> SSL error:host(www.eroakirkosta.fi)!=cert(eroakirkosta.fi)-Continue? (y)

Your Lynx is too old, but still correct. The X.509v1 server certificate is on
        Subject: C=FI/postalCode=33100, ST=Pirkanmaa, 
L=Tampere/streetAddress=Yliopistonkatu 58 B, O=Tampereen vapaa-ajattelijat ry, 
OU=eroakirkosta.fi, OU=Hosted by Osuuskunta Sange, OU=Comodo InstantSSL, 
CN=eroakirkosta.fi
whose CN is detected by Lynx.

However, there is an additional X.509v3 extension:
            X509v3 Subject Alternative Name:
                DNS:eroakirkosta.fi, DNS:www.eroakirkosta.fi
This is seen by more current Lynx, I wrote that code myself.


Stefan Caunter dixit:

>Can you post lynx -version? Looks like the server presents cert as
>below but redirects client to www.

CAcert.org did too, which was the reason I wrote the code (for
annoyance).

>You probably need to update cert bundle.

While he might want to (it validates with ssl.certs.shar,v 1.20),
this was not the cause of the line he posted, which is independent
from (orthogonal to) the certificate signature validation.

bye,
//mirabilos
-- 
17:57 < jtsn> Der 25C3 ist lustig. Deutsche Vortragende brechen sich vor
deutschen Zuhörern auf Englisch einen ab. ;-)  18:01 < jtsn> Adolfs Werk
war sehr nachhaltig. ;-)    18:01 < jtsn> Das gab's nichtmal in der DDR,
das Deutsche mit Deutschen auf Russisch reden. ;-)          (10x cnuke@)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]