[Fusioninventory-user] First install, some question.
Guillaume Rousse
guillomovitch at gmail.com
Fri Jun 1 14:04:03 UTC 2012
Le 01/06/2012 15:52, Marco Gaiarin a écrit :
>> This is an hostname mismatch issue: the URL uses
>> 'helpdesk.ct.lnf.it' whereas the certificate is only valid for
>> 'meti.ct.lnf.it'. Only --no-ssl-check will help there, certification
>> authority is not in cause.
>
> But i use 'subject alt name' as '*.ct.lnf.it', and i've had no trouble
> at all with browsers and other tool to verify certificates, and event
> the windows version of the client connect with no trouble at all.
>
> The log say:
>
> '/C=IT/ST=Salerno/L=Cava De' Tirreni/O=Associazione La Nostra Famiglia/OU=Cava De' Tirreni/CN=meti.ct.lnf.it' !~ //CN=(helpdesk|\*)\.ct\.lnf\.it($|\/)/`
>
> But the regexp seems to me wrong, better:
>
> /\/CN=(helpdesk|\*)\.ct\.lnf\.it($|\/)/
>
> and this way will match...
Old LWP 5.x doesn't allow to use underlying SSL implementation code to
check certificate, and only allows to use a perl regexp to match against
certificate name: poor man abstraction layer...
In order to use a full-featured SSL certificate checking, you have to
switch to agent 2.2.x, use IO::Socket::SSL instead of
Net::Crypt::SSLeay, and upgrade LWP to 6.x.
The windows agent (actually, the windows distribution of the very same
agent) ships with those versions, hence the different result.
--
The greater the importance of decisions to be made, the larger must be
the committee assigned to make them
-- Murphy's In Laws n°14
More information about the Fusioninventory-user
mailing list