Date: Tue, 29 Dec 2020 14:20:54 -0500
From: "Michael W. Lucas" <mwlucas@michaelwlucas.com>
To: apache@freebsd.org
Subject: Would anything in our port cause this error?
Message-ID: <X%2BuBluclDHgryASg@mail.mwl.io>
Hi,

Before I build & install apache from scratch to report this bug,
thought I'd see if it rang any bells here.

The domain name
youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com has a
TLS cert. I can verify it locally.

$ openssl x509 -in cert.pem -noout -ext subjectAltName
X509v3 Subject Alternative Name:
DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com, DNS:www.youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com, DNS:youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com

I can load it in Apache. Works fine on the other sites.

$ openssl s_client -connect youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com:443 |openssl x509 -noout -ext subjectAltName
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = immortalclay.com
verify return:1
X509v3 Subject Alternative Name:
DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com

It *appears* that Apache is rejecting the overlong hostname.

Does the port twiddle any related settings?

Thanks,
==ml
--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
### New books: SNMP Mastery, the Networknomicon, Drinking Heavy Water ###
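
The comparison made in the message above, as an added example that is not part of the original e-mail: shell functions that reduce two `openssl x509 -ext subjectAltName` outputs to name lists and print the names present in the file on disk but absent from the certificate the server presents. The function names are hypothetical, the sample text is copied from the message, and `example.org` in the commented live invocation is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and print the
# DNS names one per line, lower-cased, sorted, de-duplicated.
san_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr 'A-Z' 'a-z' | LC_ALL=C sort -u
}

# $1 = SAN output for the file on disk, $2 = SAN output for the served cert.
# Prints every name that is in $1 but not in $2.
san_missing() {
    served_names=$(printf '%s\n' "$2" | san_names)
    printf '%s\n' "$1" | san_names | while IFS= read -r name; do
        printf '%s\n' "$served_names" | grep -Fxq -- "$name" ||
            printf '%s\n' "$name"
    done
}

# Sample input: the two outputs quoted in the message above.
ON_DISK='X509v3 Subject Alternative Name:
    DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com, DNS:www.youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com, DNS:youkeepusingthatwordidonotthinkitmeanswhatyouthinkitmeans.com'
SERVED='depth=1 C = US, O = Let'"'"'s Encrypt, CN = Let'"'"'s Encrypt Authority X3
verify return:1
depth=0 CN = immortalclay.com
verify return:1
X509v3 Subject Alternative Name:
    DNS:immortalclay.com, DNS:montagueportal.com, DNS:www.immortalclay.com, DNS:www.montagueportal.com'

# Names in cert.pem that the server did not present.
san_missing "$ON_DISK" "$SERVED"

# Live use (needs network). -servername sets the SNI name explicitly, so the
# certificate of the intended virtual host is the one being requested:
#   host=example.org
#   served=$(openssl s_client -connect "$host:443" -servername "$host" \
#              </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName)
#   san_missing "$(openssl x509 -in cert.pem -noout -ext subjectAltName)" "$served"
```

An empty result means every name in the file on disk is also in the served certificate.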
