You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SSL server doesn't conform to RFC 2818. Even with a fresh installation the server cert for the Tomcat instance on port 8443 has not subjectAltName extension. It should have a SAN extension with dNSName equal to its subject's CN.
Chrome has an outstanding bug to remove hostname matching in CN: [support for common names in certificates; only support Subject Alt Names]]([https://code.google.com/p/chromium/issues/detail?id=308330|Remove)
I found the problem while I was working on 1253. With certificate validation, requests still emits a warning:
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no subjectAltName, falling back to check for a commonName for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
The text was updated successfully, but these errors were encountered:
This issue was migrated from Pagure Issue #1464. Originally filed by cheimes (@tiran) on 2015-07-03 14:40:29:
The SSL server doesn't conform to RFC 2818. Even with a fresh installation the server cert for the Tomcat instance on port 8443 has not subjectAltName extension. It should have a SAN extension with dNSName equal to its subject's CN.
Chrome has an outstanding bug to remove hostname matching in CN: [support for common names in certificates; only support Subject Alt Names]]([https://code.google.com/p/chromium/issues/detail?id=308330|Remove)
I found the problem while I was working on 1253. With certificate validation, requests still emits a warning:
The text was updated successfully, but these errors were encountered: