[mod_gnutls-devel] [gnutls-help] need help with SNI
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Apr 10 00:20:21 CEST 2014
On 04/09/2014 05:47 PM, Olaf Zaplinski wrote:
> I found a blog mentioning that GnuTLS has problems with subjectAltName:
that blog post is from more than three years ago. It may not reflect
the version of mod_gnutls you're using today.
what version of apache are you running?
what version of gnutls are you running?
what version of mod_gnutls are you running?
Your earlier message to gnutls-help provides this link:
this is a zerobin site, certified by CACert, sending
For people without the CACert root CA in their trust store, even if they
make a temporary allowance for the guest cert, the STS header will cause
the browser to reject the connection with no user clickthrough allowed.
--no-check-certificate doesn't produce anything a human can understand.
I don't want this to turn into a discussion about the relative merits of
my point is if you want people on the internet to help figure things
out, making it easier for them to see the data they need to see to
understand the situation is probably a good idea.
if there are redacted configs that you're willing to publish, it is
helpful to include them directly in your e-mail response.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1010 bytes
Desc: OpenPGP digital signature
More information about the mod_gnutls-devel