On Tue, Jul 26, 2011 at 2:19 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Dan Yost wrote on Tue, Jul 26, 2011 at 12:57:29 -0500:
>> Or to state the below (pardon the top-post) much more simply: the
>> --trust-server-cert flag does not work. It fails to perform its
>> singular function, which is...to force trust of the server cert,
>> right?
>>
>
> Its function is to accept certificates signed by unknown CA's without
> prompting. In your case you have two failures, one of them being the
> mismatching subject name (hostname), so you do get prompted.
>
Ah, so indeed perhaps this will reveal a key difference between my
test client and the rest of the live clients (still gathering info on
them to see if they continue to fail). The rest of the clients don't
have the hostname issue, I believe, so perhaps they will indeed be
improved by the flag.
But, any idea why it works one minute, then doesn't the next, when
nobody touches anything? Or, a good way to dig deeper? Perhaps I need
a very verbose dump of the whole SSL handshake, I guess, to find out
why it works fine one minute then doesn't the next, but I didn't find
an option (particularly on the "update" subcommand).
Thanks,
Dan
Received on 2011-07-26 21:33:34 CEST