On Fri, Sep 3, 2021 at 8:18 AM Jochen Bern <Jochen.Bern@xxxxxxxxx> wrote: > On 03.09.21 16:28, Dmitry Belyavskiy wrote: > > The site www.openssh.com is misconfigured and sometimes browsers refuse > to > > connect because of hostname mismatch - the certificate provided by the > site > > is issued for www.openbsd.org. Could you please fix it? > > There is nothing broken - the server cert lists "www.openssh.com" in the > Subject Alternate Names (SANs), along with a dozen others. > There is nothing broken on *www.openssh.com*. There *is* something broken on www.openssh.org which redirects to www.openssh.com. Tom.III > > The DN contains "www.openbsd.org" as the CN, but a) there can be only > one *there*, b) the current standards suggest that browsers(!) should > ignore the DN in favor of the SANs altogether, and c) before that, they > were supposed to accept *both* for quite a while. > > Regards, > -- > Jochen Bern > Systemingenieur > > Binect GmbH > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
