Cyberduck Mountain Duck CLI

#2856 closed defect (fixed)

FTPS does not support subjectAltName attributes in SSL certificates

Reported by: brandonvalentine Owned by: dkocher
Priority: normal Milestone: 3.1.2
Component: ftp-tls Version: 3.1
Severity: normal Keywords: ssl, tls, subjectaltname, ucc, san, subjectalternativename
Cc: Architecture:

Description (last modified by dkocher)

I love, love, love the Cyberduck but have recently found a bug in the way it evaluates the trustworthiness of SSL certificates. It checks only the Common Name for a match on the server name but ignores the subjectAltName extensions, which are a perfectly valid and common way to secure additional domain names under one certificate. I'd love to see this added to a future Cyberduck update as the alternative is to add a bunch of explicit certificate trusts to your Keychain when working with sites secured this way. Attached are screenshots of what Cyberduck does when connecting to an FTP URL which is secured in the subjectAltName of a certificate with a different Common Name.

Attachments (2)

cyberduck1.jpg (47.1 KB) - added by brandonvalentine on Jan 8, 2009 at 6:56:27 PM.
cyberduck2.jpg (219.5 KB) - added by brandonvalentine on Jan 8, 2009 at 6:56:36 PM.

Download all attachments as: .zip

Change History (5)

Changed on Jan 8, 2009 at 6:56:27 PM by brandonvalentine

Changed on Jan 8, 2009 at 6:56:36 PM by brandonvalentine

comment:1 Changed on Jan 8, 2009 at 7:17:26 PM by dkocher

  • Description modified (diff)
  • Status changed from new to assigned

comment:2 Changed on Jan 10, 2009 at 6:12:20 PM by dkocher

  • Milestone set to 3.2
  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in r4459 and r4461.

comment:3 Changed on Jan 12, 2009 at 9:24:24 AM by dkocher

  • Milestone changed from 3.2 to 3.1.2
Note: See TracTickets for help on using tickets.