https://hg.nginx.org certificate error ?

Maxim Dounin mdounin at mdounin.ru
Tue Apr 9 14:59:56 UTC 2019


Hello!

On Tue, Apr 09, 2019 at 10:32:14AM -0400, George wrote:

> For that I get
> 
> echo -n | openssl s_client -connect hg.nginx.org:443 -servername hg.nginx.org
> CONNECTED(00000003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = mailman.nginx.org
> verify return:1
> ---
> Certificate chain
>  0 s:/CN=mailman.nginx.org
>    i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>  1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>    i:/O=Digital Signature Trust Co./CN=DST Root CA X3
> ---

That's the correct certificate, it has hg.nginx.org in the subjectAltNames
extension and will work correctly.

> And it's still a problem for the hg clone command
> 
> hg clone https://hg.nginx.org/njs/
> abort: hg.nginx.org certificate error: certificate is for *.nginx.com,
> nginx.com
> (configure hostfingerprint
> bd:90:5e:95:b4:51:d8:0b:b0:36:41:6f:99:a7:80:01:4e:cf:ee:c2 or use
> --insecure to connect insecurely)

As previously suggested, it looks like your hg cannot use SNI.  
Upgrade your hg or use http/--insecure/whatever.  Trying to re-run 
the same command without upgrading hg to a recent version won't 
help.

-- 
Maxim Dounin
http://mdounin.ru/
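
An added example, not part of the original message and not code from hg or nginx: a Python check that compares the certificate names a server presents with and without SNI, which is the difference described in the reply above. The function names and the sample name lists (constructed from the names quoted in the thread) are assumptions.

```python
import socket
import ssl

# Constructed sample data: names quoted in the thread (the full SAN lists are not shown there).
NAMES_WITH_SNI = ["mailman.nginx.org", "hg.nginx.org"]
NAMES_WITHOUT_SNI = ["*.nginx.com", "nginx.com"]


def cert_dns_names(host, port=443, send_sni=True, timeout=10):
    """Return the DNS subjectAltNames of the certificate the server presents.

    With send_sni=False no server_name extension is sent, as with a client
    that lacks SNI support, so the server answers with its default certificate.
    """
    ctx = ssl.create_default_context()  # the chain is still verified
    ctx.check_hostname = False          # names are compared by name_matches()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sni = host if send_sni else None
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(host, pattern):
    """Exact match, or a leftmost '*' label that covers exactly one label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def diagnose(host, names_with_sni, names_without_sni):
    """Classify the result: 'ok', 'sni-required' or 'mismatch'."""
    ok_sni = any(name_matches(host, n) for n in names_with_sni)
    ok_plain = any(name_matches(host, n) for n in names_without_sni)
    if ok_sni and not ok_plain:
        return "sni-required"  # only an SNI-capable client gets a valid name
    return "ok" if ok_sni else "mismatch"


if __name__ == "__main__":
    # Offline run on the sample names; for a live check pass
    # cert_dns_names(host, send_sni=True) and cert_dns_names(host, send_sni=False).
    print(diagnose("hg.nginx.org", NAMES_WITH_SNI, NAMES_WITHOUT_SNI))
```

A "sni-required" result means the certificate is valid for the host only when the client sends SNI, so the fix belongs on the client side (upgrading it) rather than in pinning a fingerprint or disabling verification.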

