[Cyberduck-trac] [Cyberduck] #3813: Amazon S3 throws certificate trust errors for DNS-named buckets

Cyberduck trac at trac.cyberduck.ch
Tue Oct 13 17:45:02 CEST 2009

#3813: Amazon S3 throws certificate trust errors for DNS-named buckets
 Reporter:  samj    |       Owner:  dkocher
     Type:  defect  |      Status:  new    
 Priority:  normal  |   Milestone:         
Component:  s3      |     Version:  3.3b4  
 Severity:  normal  |    Keywords:         
Changes (by dkocher):

  * component:  core => s3


 Replying to [ticket:3813 samj]:
 > For each bucket that uses an FQDN as its name (e.g. media.samj.net)
 rather than a bare token (e.g. digitalcourier) Cyberduck wants to connect
 to fqdn.s3.amazonaws.com (e.g. media.samj.net.s3.amazonaws.com) which
 fails certificate verification even though a *.s3.amazonaws.com wildcard
 certificate is in place.

 RFC 2818 says

    Matching is performed using the matching rules specified by
    [RFC2459].  If more than one identity of a given type is present in
    the certificate (e.g., more than one dNSName name, a match in any one
    of the set is considered acceptable.) Names may contain the wildcard
    character * which is considered to match any single domain name
    component or component fragment. E.g., *.a.com matches foo.a.com but
    not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Ticket URL: <http://trac.cyberduck.ch/ticket/3813#comment:1>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files and Amazon S3 Browser for Mac OS X.

More information about the Cyberduck-trac mailing list