On 03.09.21 16:28, Dmitry Belyavskiy wrote: > The site www.openssh.com is misconfigured and sometimes browsers refuse to > connect because of hostname mismatch - the certificate provided by the site > is issued for www.openbsd.org. Could you please fix it? There is nothing broken - the server cert lists "www.openssh.com" in the Subject Alternate Names (SANs), along with a dozen others. The DN contains "www.openbsd.org" as the CN, but a) there can be only one *there*, b) the current standards suggest that browsers(!) should ignore the DN in favor of the SANs altogether, and c) before that, they were supposed to accept *both* for quite a while. Regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
