[Cyberduck-trac] [Cyberduck] #5247: Initial Download Website Error Message
Cyberduck
trac at trac.cyberduck.ch
Fri Oct 1 07:41:57 CEST 2010
#5247: Initial Download Website Error Message
---------------------------------------+------------------------------------
Reporter: billsteiner | Owner: dkocher
Type: defect | Status: closed
Priority: normal | Milestone:
Component: website | Version: 3.6.1
Severity: major | Resolution: fixed
Keywords: Download Error Message | Platform: Windows 7
Architecture: Intel |
---------------------------------------+------------------------------------
Changes (by yla):
* status: new => closed
* resolution: => fixed
Comment:
The Amazon SSL certificate is a wildcard certificate for
'*.s3.amazonaws.com'. As we have a bucket 'cyberduck.ch' this leads to a
hostname with an additional level -> 'cyberduck.ch.s3.amazonaws.com'.
According to the memo [http://www.ietf.org/rfc/rfc2818.txt RFC2818] this
identity does not match the certificate. Section 3.1 says:
...
If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
...
To prevent the warning page we should choose a different bucket or we
don't use SSL for distribution anymore. The link you got is also valid
with http:// instead of https://.
--
Ticket URL: <http://trac.cyberduck.ch/ticket/5247#comment:1>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files, Google Docs, Azure and S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list