-
Notifications
You must be signed in to change notification settings - Fork 215
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add error message if SAN doesn't match hostname #253
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks fine, although I note it does not include stubs for other languages which would be a potential improvement. Thanks for your work on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for this contribution. I'd also say this is ok, but I would still like to have stubs for all the other supported languages.
Hello @albertosottile @Et0h the stubs is to copy/paste the translation in the other langages ? |
You copy it over and then add '# TODO: Translate' as comment. Then translators can just look for the TODOs to find out what needs translating. |
I'm not against this change, but if there is a more specific and user friendly message about TLS failure it should be worded in way that's more understandable - since I don't expect most people (or even most power users) to know X.509 field names and their purposes by heart. Not to reinvent the wheel I'd think wording more similar to what browsers use to be more appropriate. For example Firefox in such situation will show the following in advanced description of problem:
|
I'm open to any wording, at first it was to avoid an generic error when it can be more precise. |
@kidburglar If you want to propose wording and update your pull request soon in line with @daniel-123's comments then this can hopefully be included in the release candidate of Syncplay v1.6.5. |
Hello @Et0h Like I said before to @daniel-123 I'm open to any wording. There is just need to tell me which wording using and I will make the changes (if it's faster to make the changes directly without that I make it, it's good for me too). |
I would go with minimal modification to the previously mentioned message, so: Ideally it would spell out both the current hostname it sees and what's valid in certificate it received, but I guess that would be more complexity than this is worth. |
…d-DNS-ID and add the strings to the other languages
Hello @daniel-123 @Et0h I have change the message and I add it to the other languages with a " # TODO: Translate" comment. |
Remove "startTLS-server-certificate-invalid-DNS-ID" that I wrongly copy pasted
* Add error message if SAN doesn't match hostname * Add a better message for the error startTLS-server-certificate-invalid-DNS-ID and add the strings to the other languages
* Add error message if SAN doesn't match hostname * Add a better message for the error startTLS-server-certificate-invalid-DNS-ID and add the strings to the other languages
When I was trying to make syncplay working with a self-signed certificate I had a reconnection loop.
The issue was related to the SAN (Subject Alternative Name) that was not correct in my certificate.
I think it can be usefull to detect this error.