[Cyberduck-trac] [Cyberduck] #3813: Amazon S3 throws certificate trust errors for DNS-named buckets
Cyberduck
trac at trac.cyberduck.ch
Tue Oct 13 17:45:02 CEST 2009
#3813: Amazon S3 throws certificate trust errors for DNS-named buckets
--------------------+-------------------------------------------------------
Reporter: samj | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 3.3b4
Severity: normal | Keywords:
--------------------+-------------------------------------------------------
Changes (by dkocher):
* component: core => s3
Comment:
Replying to [ticket:3813 samj]:
> For each bucket that uses an FQDN as its name (e.g. media.samj.net)
rather than a bare token (e.g. digitalcourier) Cyberduck wants to connect
to fqdn.s3.amazonaws.com (e.g. media.samj.net.s3.amazonaws.com) which
fails certificate verification even though a *.s3.amazonaws.com wildcard
certificate is in place.
RFC 2818 says
{{{
Matching is performed using the matching rules specified by
[RFC2459]. If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
}}}
--
Ticket URL: <http://trac.cyberduck.ch/ticket/3813#comment:1>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files and Amazon S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list