help-gnutls

Re: wildcard matching components


From: Nikos Mavrogiannopoulos
Subject: Re: wildcard matching components
Date: Sun, 29 Aug 2010 21:02:55 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6

On 08/28/2010 07:34 PM, Carson Hewitt wrote:
> Hello,
>
> I was trying to open an audio stream over https using VLC (1.1.3), which
> bundles gnutls.
>
> The CA chain verification is fine. Then we get:
>
> gnutls error: Certificate does not match "foo.bar.example.com"
> Indeed, the common name of the server certificate is "*.example.com", which
> does not match our hostname because of the dot in foo.bar (I don't know if
> this behaviour is specified by the protocols implemented by gnutls, or if
> it's up to the implementation).
> Is there a way to convince gnutls to trust the certificate even if it
> does not match the hostname?

gnutls name verification functions follow RFC2818 that explicitly says
that *.example.com should not match foo.bar.example.com. However, using
the RFC2818 name checking is up to the application using gnutls. Just
tell your application not to check the name on the certificate.

regards,
Nikos
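
An added example, not part of the original message and not gnutls code: a simplified C hostname check illustrating the rule cited above, where `*` stands for exactly one left-most label and never spans a dot. The function name `wildcard_match`, the rejection of partial-label patterns such as `f*.example.com` (which RFC 2818 permits), and the rejection of `*.com` are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added example, not gnutls code. Returns 1 if hostname matches the
 * certificate name pattern, 0 otherwise. Assumed simplified rule: "*" is
 * accepted only as the entire left-most label and stands for exactly one
 * label, so it never matches across a dot. */
int wildcard_match(const char *pattern, const char *hostname)
{
    if (pattern == NULL || hostname == NULL || !*pattern || !*hostname)
        return 0;

    /* No wildcard: plain case-insensitive comparison. */
    if (strchr(pattern, '*') == NULL)
        return strcasecmp(pattern, hostname) == 0;

    /* Wildcard must be "*." at the start, and appear nowhere else. */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*'))
        return 0;

    /* Assumption: require two labels after the wildcard (reject "*.com"). */
    if (strchr(pattern + 2, '.') == NULL)
        return 0;

    /* The host's first label must be non-empty and followed by a dot. */
    const char *dot = strchr(hostname, '.');
    if (dot == NULL || dot == hostname)
        return 0;

    /* Everything from the first dot onward must equal the pattern's suffix. */
    return strcasecmp(pattern + 1, dot) == 0;
}

int main(void)
{
    /* Constructed sample names; the first pair is the case from the thread. */
    const char *cases[][2] = {
        { "*.example.com", "foo.bar.example.com" },
        { "*.example.com", "foo.example.com" },
        { "*.example.com", "example.com" },
        { "foo.example.com", "FOO.example.com" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-16s vs %-20s -> %s\n", cases[i][0], cases[i][1],
               wildcard_match(cases[i][0], cases[i][1]) ? "match" : "no match");
    return 0;
}
```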


