fix SSL cert #20

Closed
snarfed opened this issue Jan 4, 2014 · 3 comments
Labels
now

Comments

@snarfed (Owner) commented Jan 4, 2014

evidently it's missing the intermediate chaining cert. thanks to @aaronpk for debugging!

repro and test:

```
openssl s_client -connect www.brid.gy:443
openssl s_client -connect brid-gy.appspot.com:443
```

test: https://www.ssllabs.com/ssltest/analyze.html?d=www.brid.gy&s=74.125.194.121

@snarfed (Owner, Author) commented Jan 4, 2014

i just remembered that brid.gy's SSL requires SNI. app engine supports both VIPs and SNI for SSL on custom domains, but VIPs are naturally more expensive, so i went with SNI. not sure that's the root cause here though, since s_client won't connect even with -servername:

```
$ openssl s_client -servername brid.gy -connect www.brid.gy:443 -showcerts
CONNECTED(00000003)
50139:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s23_lib.c:182:
```

background: http://blog.chrismeller.com/testing-sni-certificates-with-openssl

@aaronpk (Contributor) commented Jan 4, 2014

it works with -servername www.brid.gy

@snarfed (Owner, Author) commented Jan 4, 2014

yup. i'll probably just switch the source URLs to brid-gy.appspot.com.

@snarfed snarfed closed this in d515b09 Jan 4, 2014