tickets #25590
closedhttps://opensuse.org gives TLS protocol error
100%
Description
Hi,
the URL https://www.opensuse.org works fine, but
results in a TLS protocol error. That is probably not intentional?
Best regards,
Peter
Updated by pjessen over 6 years ago
- Private changed from Yes to No
Hi Peter
when I tried https://opensuse.org just now, I was redirected to https://www.opensuse.org. Seems to be okay.
Updated by pjessen over 6 years ago
Uh, I guess it is the certificate mismatch:
wget -nd -6 -S https://opensuse.org
--11:03:29-- https://opensuse.org/
=> index.html.2'
*.opensuse.org' doesn't match requested host name
Resolving opensuse.org... 2001:67c:2178:8::19
Connecting to opensuse.org|2001:67c:2178:8::19|:443... connected.
ERROR: Certificate verification error for opensuse.org: unable to get local issuer certificate
ERROR: certificate common nameopensuse.org'.
--no-check-certificate'.
To connect to opensuse.org insecurely, use
Unable to establish SSL connection.
per@io64:~/Documents> wget -nd -4 -S https://opensuse.org
--11:03:42-- https://opensuse.org/
=> index.html.2'
*.novell.com' doesn't match requested host name
Resolving opensuse.org... 130.57.66.19
Connecting to opensuse.org|130.57.66.19|:443... connected.
ERROR: Certificate verification error for opensuse.org: unable to get local issuer certificate
ERROR: certificate common nameopensuse.org'.
--no-check-certificate'.
To connect to opensuse.org insecurely, use
Unable to establish SSL connection.
We seem to have different certificates for ipv4 and ipv6 ??
Updated by abergmann over 6 years ago
OpenSSL s_client shows the problem in detail. So it really looks like Per pointed out that the cert is simply wrong. However the IPv4 address 130.57.66.6 has the opensuse.org certificate present, but doesn't provide the redirect.
#> openssl s_client -connect opensuse.org:443
IPv4: 130.57.66.19
subject=/C=US/L=Provo/ST=Utah/O=Novell, Inc./CN=*.novell.com
X509v3 Subject Alternative Name: DNS:*.novell.com, DNS:novell.com
IPv6: 2001:67c:2178:8::19
subject=/C=US/L=Provo/ST=Utah/O=Novell, Inc./CN=*.opensuse.org
X509v3 Subject Alternative Name: DNS:*.opensuse.org, DNS:opensuse.org
Updated by tampakrap over 6 years ago
- Category set to Servers hosted in Provo
- Assignee set to tampakrap
forwarded to MF-IT