Ticket #1319 (closed defect: fixed)
Better SIAB certificate on dialups
Reported by: | adehnert | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | linerva | Keywords: | transition |
Cc: | Fixed in version: | ||
Upstream bug: |
Description (last modified by jweiss) (diff)
When I go to https://athena.dialup.mit.edu/ I get a SIAB session and the world is wonderful. Unfortunately, if I go to https://department-of-alchemy.mit.edu/, I get the same cert (which isn't signed for department-of-alchemy) and thus a cert warning. For people using screen+SIAB, each host should have a SubjectAltName of their actual hostname or do SNI.
Change History
comment:2 in reply to: ↑ 1 Changed 12 years ago by adehnert
Replying to adehnert:
Anybody know if SIAB supports SNI?
Apparently it does --- see "-c certdir" in the manpage ( http://code.google.com/p/shellinabox/wiki/shellinaboxd_man).
comment:3 Changed 12 years ago by adehnert
RT ticket 2329061:
"""
Alex,
Sorry for the delay getting back to you. This is a known issue and
considered a low priority at this point. It may be a while before we
get this dealt with, but we are considering the issue.
Jonathon
"""
Not fixing this will make #1293+SIAB suck, but we can cross that bridge when #1293+ssh is finished.
comment:4 Changed 11 years ago by adehnert
Actually, if #1293+SIAB is IS&T-maintained, this doesn't particularly need to be fixed so long as either username.dialup.mit.edu is used or the dialups have a *.prefered-dialup.mit.edu cert as well.
comment:6 Changed 11 years ago by jweiss
The solution I'm recommending is to use https://dialupname.dialup.mit.edu (eg., https://department-of-alchemy.dialup.mit.edu (not the ".dialup")).
Anybody know if SIAB supports SNI?