[Cyberduck-trac] [Cyberduck] #5247: Initial Download Website Error Message

Cyberduck trac at trac.cyberduck.ch
Fri Oct 1 07:41:57 CEST 2010


#5247: Initial Download Website Error Message
---------------------------------------+------------------------------------
    Reporter:  billsteiner             |        Owner:  dkocher  
        Type:  defect                  |       Status:  closed   
    Priority:  normal                  |    Milestone:           
   Component:  website                 |      Version:  3.6.1    
    Severity:  major                   |   Resolution:  fixed    
    Keywords:  Download Error Message  |     Platform:  Windows 7
Architecture:  Intel                   |  
---------------------------------------+------------------------------------
Changes (by yla):

  * status:  new => closed
  * resolution:  => fixed


Comment:

 The Amazon SSL certificate is a wildcard certificate for
 '*.s3.amazonaws.com'. As we have a bucket 'cyberduck.ch' this leads to a
 hostname with an additional level -> 'cyberduck.ch.s3.amazonaws.com'.
 According to the memo [http://www.ietf.org/rfc/rfc2818.txt RFC2818] this
 identity does not match the certificate. Section 3.1 says:

   ...
   If more than one identity of a given type is present in
   the certificate (e.g., more than one dNSName name, a match in any one
   of the set is considered acceptable.) Names may contain the wildcard
   character * which is considered to match any single domain name
   component or component fragment. E.g., *.a.com matches foo.a.com but
   not bar.foo.a.com. f*.com matches foo.com but not bar.com.
   ...

 To prevent the warning page we should choose a different bucket or we
 don't use SSL for distribution anymore. The link you got is also valid
 with http:// instead of https://.

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/5247#comment:1>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files, Google Docs, Azure and S3 Browser for Mac OS X.


More information about the Cyberduck-trac mailing list