Date: Tue, 29 Dec 2020 14:20:54 -0500
From: "Michael W. Lucas" <mwlucas@michaelwlucas.com>
To: apache@freebsd.org
Subject: Would anything in our port cause this error?
Message-ID: <X%2BuBluclDHgryASg@mail.mwl.io>

Hi,

Before I build & install apache from scratch to report this bug,
thought I'd see if it rang any bells here.

The domain name
youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com has a
TLS cert. I can verify it locally.

$ openssl x509 -in cert.pem -noout -ext subjectAltName
X509v3 Subject Alternative Name:
    DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com, DNS:www.youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com, DNS:youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com

I can load it in Apache. Works fine on the other sites.

$ openssl s_client -connect youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com:443 |openssl x509 -noout -ext subjectAltName
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = immortalclay.com
verify return:1
X509v3 Subject Alternative Name:
    DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com

It *appears* that Apache is rejecting the overlong hostname.

Does the port twiddle any related settings?

Thanks,
==ml

-- 
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
### New books: SNMP Mastery, the Networknomicon, Drinking Heavy Water ###

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?X%2BuBluclDHgryASg>