[Cyberduck-trac] [Cyberduck] #7831: SNI support in the non-App Store version

Cyberduck trac at trac.cyberduck.io
Mon Mar 3 08:26:00 UTC 2014 

#7831: SNI support in the non-App Store version
---------------------------+-------------------------
 Reporter:  sergei         |         Owner:  dkocher
     Type:  defect         |        Status:  assigned
 Priority:  normal         |     Milestone:  4.4.4
Component:  webdav         |       Version:  4.4.3
 Severity:  normal         |    Resolution:
 Keywords:                 |  Architecture:  Intel
 Platform:  Mac OS X 10.9  |
---------------------------+-------------------------
Changes (by dkocher):

 * owner:   => dkocher
 * status:  new => assigned
 * component:  core => webdav
 * milestone:   => 4.4.4


Old description:

> This issue is related to discussion in google group
> [https://groups.google.com/forum/#!topic/cyberduck/to2dymHbxOo] thread.
>
> It appears that cyberduck does pass server name to the server when it
> establishes SSL connection.
>
> To reproduce an issue go open attached bookmark file.
>
> The following openssl command line demonstrates that sever is properly
> configured:
>
>     openssl s_client -servername cyberduck.coobserver.com -connect
> cyberduck.coobserver.com:443
>
> Certificate CN name is cyberduck.coobserver.com
>
> If server name option is omitted then:
>
>     openssl s_client -connect cyberduck.coobserver.com:443
>
> then server sends certificate with CN=dav.lianajoykids.com
>
> Cyberduck warns that certificate does not match server name. This means
> that cyberduck failed to send server name in SSL handshake.
>
> The demo site is empty and configured to resolve just this issue.
>
> Please send me email to sergeig at me dot com for password to access the
> website.

New description:

 This issue is related to discussion in google group
 [https://groups.google.com/forum/#!topic/cyberduck/to2dymHbxOo] thread.

 It appears that cyberduck does pass server name to the server when it
 establishes SSL connection.

 To reproduce an issue go open attached bookmark file.

 The following openssl command line demonstrates that sever is properly
 configured:


 {{{
     openssl s_client -servername cyberduck.coobserver.com -connect
 cyberduck.coobserver.com:443
 }}}


 Certificate CN name is cyberduck.coobserver.com

 If server name option is omitted then:


 {{{
     openssl s_client -connect cyberduck.coobserver.com:443
 }}}


 then server sends certificate with CN=dav.lianajoykids.com

 Cyberduck warns that certificate does not match server name. This means
 that cyberduck failed to send server name in SSL handshake.

 The demo site is empty and configured to resolve just this issue.

 Please send me email to sergeig at me dot com for password to access the
 website.

--

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/7831#comment:1>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list