[gnutls-help] Trouble with wildcard cert on servers without FQDNs?

Dan Kegel dank at kegel.com
Fri Jul 29 18:04:37 CEST 2016

No, that wasn't it.  The test script fails even when the ubuntu
package ca-certificates is installed.
And the test script is all self-signed anyway, there's no outside
server involved.
In fact, it fails on my laptop, which has all the certs a normal user needs.

The script works fine without the wildcard, too, even in the clean container.
It really does feel like the wildcard triggers some surprising
requirement in gnutls.
Maybe I should try registering a FQDN for my laptop and see if that helps :-)

On Fri, Jul 29, 2016 at 6:51 AM, Dan Kegel <dank at kegel.com> wrote:
> Ha!  Thank you, that makes sense!  I'll give that a shot.
> On Jul 27, 2016 11:49 PM, "Nikos Mavrogiannopoulos" <nmav at gnutls.org> wrote:
> On Thu, Jul 28, 2016 at 12:29 AM, Dan Kegel <dank at kegel.com> wrote:
>> The script http://kegel.com/wildcard-bug.sh.txt demonstrates
>> generating a wildcard cert
>> on ubuntu using openssh, and using it with gnutls.  Works great on a
>> real machine with
>> a real FQDN.  But if I run it on a container without a FQDN,
>> gnutls-cli refuses to trust the server.
>> What's going on here?  Are servers only trusted if the client can look
>> up the server's primary name in DNS?
> Most likely your container doesn't contain the root certificates
> needed for gnutls to verify servers. You'll need to install the
> package that contains them.
> regards,
> Nikos
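For readers following the FQDN angle of this thread, here is an added illustration (not code from the thread or from GnuTLS) of the RFC 6125 wildcard-matching rule a TLS client applies to the name it was asked to connect to: a `*.kegel.com` name covers `laptop.kegel.com` but never a bare single-label name such as `laptop`, so a host addressed only by its short name has nothing the wildcard can match. Whether that is what the script hits is not settled in the thread; the host names and the sample SAN list below are constructed for the example.

```python
from typing import List

# Constructed sample: the dNSName entries a wildcard certificate might carry.
SAMPLE_SAN_DNS_NAMES = ["*.kegel.com"]


def hostname_matches(hostname: str, pattern: str) -> bool:
    """Return True when a presented dNSName pattern covers hostname.

    Strict reading of RFC 6125 section 6.4.3:
      * comparison is case-insensitive and a trailing dot is ignored;
      * '*' is accepted only as the entire left-most label;
      * the wildcard matches exactly one label, so it never covers a
        single-label name or a name with extra sub-labels;
      * at least two fixed labels must follow the '*' (no '*.com').
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if any(label == "" for label in host_labels + pat_labels):
        return False
    if "*" not in pattern:
        return host_labels == pat_labels
    if pat_labels[0] != "*" or any("*" in label for label in pat_labels[1:]):
        return False
    if len(pat_labels) < 3:
        return False
    if len(host_labels) != len(pat_labels):
        return False
    return host_labels[1:] == pat_labels[1:]


def certificate_covers(hostname: str, san_dns_names: List[str]) -> bool:
    """True if any dNSName in the certificate's SAN list matches hostname."""
    return any(hostname_matches(hostname, p) for p in san_dns_names)


if __name__ == "__main__":
    # A container known only by its short name has no domain part to match.
    for name in ("laptop.kegel.com", "laptop", "a.b.kegel.com", "kegel.com"):
        print(f"{name:>18}: {certificate_covers(name, SAMPLE_SAN_DNS_NAMES)}")
```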
