07.12.2017 21:27, Matus UHLAR - fantomas пишет: > On 07.12.17 08:05, erdosain9 wrote: >> Yes, Chrome tell this when i look the certificate >> >> "The certificate for this site does not contain a Subject Alternative >> Name >> extension containing a domain name or IP address." > > are you aware that this is not a squid problem? > >> So, my certificate does not have a Subject Alternative Name. So what? Re-issue cert with openssl and add this field. This is trivial. >> But, this is not a problem with Firefox. Firefox uses not so restrictive SSL handling. > > only with certificates issued after some date, not sure when, but it will > come. > >> I have to change my certificate?? t >> There is a way to tell Chrome "dont look for this"??? > > only by using chrome <58 Not only. It is exists registry hack for Chrome to workaround this. Not sure it will still works. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome] "EnableCommonNameFallbackForLocalAnchors"=dword:00000001 "EnableDeprecatedWebBasedSignin"=dword:00000000 It's easy to JFGI this hack as .reg-file, if any difficults to make this by manual. > > the CommonName does not have documented format, the > SubjectAlternativeName > does. > It is documented in openssl man pages. Also it is documented in Google technical documentation. JFGI. -- "Some people, when confronted with a problem, think «I know, I'll use regular expressions.» Now they have two problems." --Jamie Zawinsk ************************** * C++: Bug to the future * **************************
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
