On Thu, Nov 04, 2010 at 04:21:35PM +0100, Mattia Tomasoni wrote: > I get: > certificate common name `*.github.com' doesn't match requested host > name `github.com' > > wget --no-check-certificate works... The problem is that wildcard names in certificates are not well-specified. RFC 2818 leaves this particular case (matching "*.domain" to "domain") ambiguous: Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com. RFC 2595 specifically outlaws it, but is talking about other non-HTTP protocols (it is for TLS with IMAP, POP, and ACAP): A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc. but would not match example.com. So you can either send a bug report to wget to handle this case better, or you can complain to github not to use wildcard certificates in this way. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html