>>>>> "BP" == Bob Proulx <[email protected]> writes:
BP> In order to support sv.gnu.org and sv.nongnu.org it would need four
BP> total certificates.
No.
As I mentioned the two certs could mention the aliases in the
subjectAltName block.
And sni would not be required; the clients would be happy just with each
of the possible names in subjectAltName.
BP> I still have a dump from the previous certificates. They are
BP> specifically savannah.gnu.org and one for savannah.nongnu.org.
Ok. So it is not a regression. (Or at least not now; perhaps it hasn't
worked since the self-signed certs were replaced. Or maybe it never
worked with https.)
While eating I remembered that sv vs https had come up before; perhaps
years ago. But I do not remember whether it was on this list or elsewhere.
BP> Additional if you actually try to log in using sv.{non,}gnu.org then
BP> Savane complains of cookie problems.
Which suggests that sv only ever worked for http.
BP> it is not expected to use either of those names.
There were added to easy typing, so they are expected. Just, it seems,
not for https.
Thanks for looking into it!
-JimC
--
James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6
