On Thu, 21 Feb 2008, Anatoly Yakovenko wrote:
$ GIT_SSL_NO_VERIFY=1 GIT_CURL_VERBOSE=1 git clone
https://aeyakovenko@xxxxxxxxx/git
i get this as an error:
error: SSL: certificate subject name 'localhost' does not match target
host name '127.0.0.1' (curl_result = 51, http_code = 0, sha1 =
4590de71622f1a90f906413fd7f63d5553cd5f93)
That's the very problem Mike Hommey's recent patch addresses. Verifying a
peer's certificate is done with two different libcurl options:
* VERIFYPEER verifies the server's certificate against a local CA cert bundle
* VERIFYHOST verifies that the name in the server certificate matches the host
you're talking to
For this particular case, you can in fact also make it work by making sure the
server's certificate has the IP address as a "subjectAltName".
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html