Server certificate suddenly untrusted

[cyberduck]

a3ff219 created the issue

Dear developers,

We are using Cyberduck with WebDAV (HTTP/SSL) protocol. Our server's hostname is "webdav.data.donders.ru.nl", and it has a valid certificate issued by a trusted CA. It has been working properly with Cyberduck 4.7.3, but since we upgrade to version 4.8.3, we encountered a failure during certificate trust verification. After some tests, we noticed that the same issue has been presented since version 4.8.

The error says that I might connect to a server pretending to be "data.donders.ru.nl". This is weird because we do connect to server "webdav.data.donders.ru.nl", and the server is totally independent to "data.donders.ru.nl" (in terms of DNS registry, in Web server configuration, and in certificate chain). We don't understand from where the "data.donders.ru.nl" is determined by the verification.

With a bit search in the existing tickets, I guess it might be something related to the fix of the ticket #3813.

Attached please find the screenshot of the error. Could you please help? Thank you very much in advance.

Cheers, Hong

---

Attachments

• Screen Shot 2016-03-10 at 09.10.03.png (366.3 KiB)

[cyberduck]

@dkocher commented

Regression from 18562.

[cyberduck]

@dkocher commented

In f77bc56.

[cyberduck]

86d95d3 commented

I'm from #9394 (duplication).
I reproduce the same issue (except for I'm using S3 mode) on

4.8.1.19040
4.8.2.19063
4.8.3.19083
4.8.4.19355
5.0.19549 (snapshot build)

with Mac OS X El Capitan 10.11.4

It looks like this is not resolved on 4.8.4. Could you please check it out?