[Cyberduck-trac] [Cyberduck] #2856: FTPS does not support subjectAltName attributes in SSL certificates
Cyberduck
trac at trac.cyberduck.ch
Thu Jan 8 19:50:54 CET 2009
#2856: FTPS does not support subjectAltName attributes in SSL certificates
------------------------------+---------------------------------------------
Reporter: brandonvalentine | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: ftp-tls | Version: 3.1
Severity: normal | Keywords: ssl, tls, subjectaltname, ucc, san, subjectalternativename
------------------------------+---------------------------------------------
I love, love, love the Cyberduck but have recently found a bug in the way
it evaluates the trustworthiness of SSL certificates. It checks only the
Common Name for a match on the server name but ignores the subjectAltName
extensions, which are a perfectly valid and common way to secure
additional domain names under one certificate. I'd love to see this added
to a future Cyberduck update as the alternative is to add a bunch of
explicit certificate trusts to your Keychain when working with sites
secured this way. Attached are screenshots of what Cyberduck does when
connecting to an FTP URL which is secured in the subjectAltName of a
certificate with a different Common Name.
--
Ticket URL: <http://trac.cyberduck.ch/ticket/2856>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV and Amazon S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list