[ET Trac] [Einstein Toolkit] #2137: ssl certificate for www.cactuscode.org does not match common name

Einstein Toolkit trac-noreply at einsteintoolkit.org
Mon Jun 25 13:43:41 CDT 2018


#2137: ssl certificate for www.cactuscode.org does not match common name
--------------------------------------+---------------------------------
  Reporter:  Roland Haas              |      Owner:  (none)
      Type:  defect                   |     Status:  reopened
  Priority:  minor                    |  Milestone:
 Component:  EinsteinToolkit website  |    Version:  development version
Resolution:                           |   Keywords:  www.cactuscode.org
--------------------------------------+---------------------------------

Comment (by Roland Haas):

 It works for me as well. Yet the monitor script referenced above
 (​https://www.cct.lsu.edu/~knarf/cgi-bin/monitor.cgi) complains. ssl
 checker (https://www.sslshopper.com/ssl-
 checker.html#hostname=https://www.cactuscode.org/) notes that a SHA1
 signature is used which is somewhat unsafe these days.

 The wrong common name might be reported by gnutls-cli (but not openssl)
 https://outflux.net/blog/archives/2010/03/10/openssl-client-does-not-
 check-commonname/ which also seems to indicate that openssl is doing the
 "right thing".

 Note that the version of gnutls-cli on my Linux box (3.5.18) does not
 produce the warning.

 So it seems we should

 1. close this ticket as "worksforme"
 2. check the cgi script and update the gnutls-cli version it uses

-- 
Ticket URL: <https://trac.einsteintoolkit.org/ticket/2137#comment:6>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit


More information about the Trac mailing list