[Fusioninventory-user] First install, some question.

Guillaume Rousse guillomovitch at gmail.com
Fri Jun 1 14:04:03 UTC 2012

Le 01/06/2012 15:52, Marco Gaiarin a écrit :
>> This is an hostname mismatch issue: the URL uses
>> 'helpdesk.ct.lnf.it' whereas the certificate is only valid for
>> 'meti.ct.lnf.it'. Only --no-ssl-check will help there, certification
>> authority is not in cause.
> But i use 'subject alt name' as '*.ct.lnf.it', and i've had no trouble
> at all with browsers and other tool to verify certificates, and event
> the windows version of the client connect with no trouble at all.
> The log say:
>   '/C=IT/ST=Salerno/L=Cava De' Tirreni/O=Associazione La Nostra Famiglia/OU=Cava De' Tirreni/CN=meti.ct.lnf.it' !~ //CN=(helpdesk|\*)\.ct\.lnf\.it($|\/)/`
> But the regexp seems to me wrong, better:
> 	/\/CN=(helpdesk|\*)\.ct\.lnf\.it($|\/)/
> and this way will match...
Old LWP 5.x doesn't allow to use underlying SSL implementation code to 
check certificate, and only allows to use a perl regexp to match against 
certificate name: poor man abstraction layer...

In order to use a full-featured SSL certificate checking, you have to 
switch to agent 2.2.x, use IO::Socket::SSL instead of 
Net::Crypt::SSLeay, and upgrade LWP to 6.x.

The windows agent (actually, the windows distribution of the very same 
agent) ships with those versions, hence the different result.
The greater the importance of decisions to be made, the larger must be 
the committee assigned to make them
		-- Murphy's In Laws n°14

More information about the Fusioninventory-user mailing list