Cyberduck Mountain Duck CLI

Changes between Initial Version and Version 1 of Ticket #2856


Ignore:
Timestamp:
Jan 8, 2009 7:17:26 PM (13 years ago)
Author:
dkocher
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2856

    • Property Status changed from new to assigned
  • Ticket #2856 – Description

    initial v1  
    1 I love, love, love the Cyberduck but have recently found a bug in the way it evaluates the trustworthiness of SSL certificates.  It checks only the Common Name for a match on the server name but ignores the subjectAltName extensions, which are a perfectly valid and common way to secure additional domain names under one certificate.  I'd love to see this added to a future Cyberduck update as the alternative is to add a bunch of explicit certificate trusts to your Keychain when working with sites secured this way.  Attached are screenshots of what Cyberduck does when connecting to an FTP URL which is secured in the subjectAltName of a certificate with a different Common Name.
     1I love, love, love the Cyberduck but have recently found a bug in the way it evaluates the trustworthiness of SSL certificates.  It checks only the Common Name for a match on the server name but ignores the `subjectAltName` extensions, which are a perfectly valid and common way to secure additional domain names under one certificate.  I'd love to see this added to a future Cyberduck update as the alternative is to add a bunch of explicit certificate trusts to your Keychain when working with sites secured this way.  Attached are screenshots of what Cyberduck does when connecting to an FTP URL which is secured in the `subjectAltName` of a certificate with a different Common Name.
     2
     3[[Image(cyberduck1.jpg)]]
     4[[Image(cyberduck2.jpg)]]