New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNI support in the non-App Store version #7831
Comments
I get the expected error message from the certificate trust panel that The certificate was signed by an unknown authority because the root certificate is not known. |
It turns out this issue affects only Mac OS X. |
Replying to [comment:2 dkocher]:
Well, the certificate is signed with private CA. It is not valid to close the ticket based on unrelated issue. |
In my testing the certificate for |
Replying to [7831 sergei]:
We use a bundled runtime and do not use the installed Java version. |
I can confirm this for the Windows client. For cyberduck.coobserver.com it seems to work fine although I don't know any credentials. |
Update:
The issue can be reproduced only on Mac OS X. My OS X Machine is on current patched Maverics 10.9.1. The terminal reports:
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-462-11M4609)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-462, mixed mode)
Windows release of cyberduck is not affected. I was able to verify it on 2 separate windows boxes.
The certificate is issued by private CA. However, testing on windows did not result in any warnings that certificate is not trusted (even on the machine that does not trust private root CA).
Original Description:
This issue is related to discussion in google group (https://groups.google.com/forum/#!topic/cyberduck/to2dymHbxOo) thread.
It appears that cyberduck does pass server name to the server when it establishes SSL connection.
To reproduce an issue go open attached bookmark file.
The following openssl command line demonstrates that sever is properly configured:
Certificate CN name is cyberduck.coobserver.com
If server name option is omitted then:
then server sends certificate with CN=dav.lianajoykids.com
Cyberduck warns that certificate does not match server name. This means that cyberduck failed to send server name in SSL handshake.
The demo site is empty and configured to resolve just this issue.
Please send me email to sergeig at me dot com for password to access the website.
Attachments
cyberduck.coobserver.com.duck
(0.6 KiB)The text was updated successfully, but these errors were encountered: