well, gives the same error :(
curl: (51) SSL: certificate subject name does not match target host name
I think we'll move on with ip address in the common name and the pkg
client connecting via ip address.
thanks
- Amol
On 09/20/11 12:34, Erik Trauschke wrote:
Have you tried with a subjectaltname without the "IP:"
Erik
Amol Chiplunkar <[email protected]> wrote:
A simple curl client call works with the hostname
It does not work with the ip address.
I trussed both the calls and they are using the right certificate from the
/etc/openssl/certs truststore
Which makes me think something is wrong with the openssl conf during the
cert generation.
I have
subjectAltName = IP:<ip address>
in the openssl conf file.
- Amol
On 09/20/11 11:49, Shawn Walker wrote:
> On 09/19/11 18:04, Amol Chiplunkar wrote:
>>
>> subjectAltName does not seem to work with the pkg command.
>> I tried with
>> subjectAltName = IP:<ip address>
>> in the openssl conf file to create the certificate
>>
>> Also tried
>> subjectAltName_default = IP:<ip address>
>>
>> Both these in combination with ServerAlias <ipaddress> for the Virtual
>> Host and without the alias as well.
>> It always generates Framework error: code: 51 reason: SSL: certificate
>> subject name '<hostname>' does not match target host name '<ip address>'
>
> libcurl documentation states that: "Curl considers the server the
> intended one when the Common Name field or a Subject Alternate Name
> field in the certificate matches the host name in the URL to which you
> told Curl to connect."
>
> So this should work. Have you tried using the curl client to retrieve
> things via SSL using this server? Does it give you the same errors?
>
> -Shawn
>
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
