<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/atwebm">Markus Weber</a> created an issue:
</p>
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">The Type "Registered ID" with Index Nr. 8 is missing in the GnuTLS-Build of Debian 10.2 (Buster).
<a href="https://www.alvestrand.no/objectid/2.5.29.17.html" rel="nofollow noreferrer noopener" target="_blank">https://www.alvestrand.no/objectid/2.5.29.17.html</a></p>
<p dir="auto">This prevents the Connection of wget to ElasticSearch secured with SearchGuard
<a href="https://docs.search-guard.com/latest/tls-in-production" rel="nofollow noreferrer noopener" target="_blank">https://docs.search-guard.com/latest/tls-in-production</a></p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<h1 dir="auto">
<a id="user-content-apt-search-gnutls-grep-installed" class="anchor" href="#apt-search-gnutls-grep-installed" aria-hidden="true"></a>apt search gnutls | grep installed</h1>
<p dir="auto">libcurl3-gnutls/stable,stable,now 7.64.0-4 amd64 [installed,automatic]
libgnutls30/stable,stable,now 3.6.7-4 amd64 [installed]
libsoup2.4-1/stable,stable,now 2.64.2-2 amd64 [installed,automatic]
python3-pycurl/stable,stable,now 7.43.0.2-0.1 amd64 [installed,automatic]</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">Debian 10.2 (buster)</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">wget against a https-Server, which has a Certificate, that uses a custom oid in the "Subject Alternative Name"-Field</p>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">/usr/lib/nagios/plugins/check_elasticsearch -H server.fqdn -u user -p password -c /etc/ssl/certs/elasticsearch-CA.pem -s -N -V
--2020-01-11 20:16:09--  <a href="https://server:9200/_cluster/health?pretty=true" rel="nofollow noreferrer noopener" target="_blank">https://server:9200/_cluster/health?pretty=true</a>
Loaded CA certificate '/etc/ssl/certs/elasticsearch-CA.pem'
Resolving server.fqdn (server.fqdn)... 1.2.3.4
Connecting to server.fqdn (server.fqdn)|1.2.3.4|:9200... connected.
GnuTLS: Unknown Subject Alternative name in X.509 certificate.
Unable to establish SSL connection.
CRITICAL - Could not connect to server server.fqdn</p>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">From another System with Debian 9.11
/usr/lib/nagios/plugins/check_elasticsearch -H server.fqdn -u user -p password -c /etc/ssl/certs/elasticsearch-CA.pem -s -N -V
--2020-01-11 20:45:37--  <a href="https://server.fqdn:9200/_cluster/health?pretty=true" rel="nofollow noreferrer noopener" target="_blank">https://server.fqdn:9200/_cluster/health?pretty=true</a>
Loaded CA certificate '/etc/ssl/certs/elasticsearch-CA.pem'
Resolving server.fqdn (server.fqdn)... 1.2.3.4
Connecting to de1app3.doitll.com (server.fqdn)|1.2.3.4|:9200... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authentication selected: Basic realm="Search Guard"
Reusing existing connection to [server.fqdn]:9200.
HTTP request sent, awaiting response... 200 OK
Length: 462 [application/json]
Saving to: ‘/tmp/tmp.dV2lmBXb4g-check_elasticsearch’</p>
<p dir="auto">/tmp/tmp.dV2lmBXb4g-check_elasticsearch                      100%[=============================================================================================================================================>]     462  --.-KB/s    in 0s</p>
<p dir="auto">2020-01-11 20:45:38 (15.4 MB/s) - ‘/tmp/tmp.dV2lmBXb4g-check_elasticsearch’ saved [462/462]</p>
<p dir="auto">OK - elasticsearch (cluster) is running. status: green; timed_out: false; ...</p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/905">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/d04c432ee01b84985193e02fe865b770/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/905"}}</script>


</p>
</div>
</body>
</html>