Cyberduck Mountain Duck CLI

Opened on Sep 30, 2010 at 11:04:59 PM

Closed on Oct 1, 2010 at 5:41:56 AM

#5247 closed defect (fixed)

Initial Download Website Error Message

Reported by: billsteiner Owned by: dkocher
Priority: normal Milestone:
Component: website Version: 3.6.1
Severity: major Keywords: Download Error Message
Cc: Architecture: Intel
Platform: Windows 7

Description

When I clicked on the link in the email you sent I was directed to the website but Firefox said your certificate was not valid. Is it? See Attached file.

Attachments (1)

Untrusted Connection.pdf (45.9 KB) - added by billsteiner on Sep 30, 2010 at 11:06:13 PM.
Printed Web Page Showing Error

Download all attachments as: .zip

Change History (2)

Changed on Sep 30, 2010 at 11:06:13 PM by billsteiner

Printed Web Page Showing Error

comment:1 Changed on Oct 1, 2010 at 5:41:56 AM by yla

  • Resolution set to fixed
  • Status changed from new to closed

The Amazon SSL certificate is a wildcard certificate for '*.s3.amazonaws.com'. As we have a bucket 'cyberduck.ch' this leads to a hostname with an additional level -> 'cyberduck.ch.s3.amazonaws.com'. According to the memo RFC2818 this identity does not match the certificate. Section 3.1 says:

... If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com. ...

To prevent the warning page we should choose a different bucket or we don't use SSL for distribution anymore. The link you got is also valid with http:// instead of https://.

Note: See TracTickets for help on using tickets.