Cyberduck
Mountain Duck
CLIOpened on Sep 30, 2010 at 11:04:59 PM
Closed on Oct 1, 2010 at 5:41:56 AM
#5247 closed defect (fixed)
Initial Download Website Error Message
| Reported by: | billsteiner | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | website | Version: | 3.6.1 |
| Severity: | major | Keywords: | Download Error Message |
| Cc: | Architecture: | Intel | |
| Platform: | Windows 7 |
Description
When I clicked on the link in the email you sent I was directed to the website but Firefox said your certificate was not valid. Is it? See Attached file.
Attachments (1)
Change History (2)
Changed on Sep 30, 2010 at 11:06:13 PM by billsteiner
comment:1 Changed on Oct 1, 2010 at 5:41:56 AM by yla
- Resolution set to fixed
- Status changed from new to closed
The Amazon SSL certificate is a wildcard certificate for '*.s3.amazonaws.com'. As we have a bucket 'cyberduck.ch' this leads to a hostname with an additional level -> 'cyberduck.ch.s3.amazonaws.com'. According to the memo RFC2818 this identity does not match the certificate. Section 3.1 says:
... If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com. ...
To prevent the warning page we should choose a different bucket or we don't use SSL for distribution anymore. The link you got is also valid with http:// instead of https://.
Printed Web Page Showing Error