Skip to content
Sign up
This repository

/ruby

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

add hostname to "hostname does not match server cert." error #122

Closed
wants to merge 1 commit into from
+1 1 

Labels

Milestone

No milestone

Assignee

No one assigned

3 participants

Wes Morgan Martin Bosslet Ayumu AIZAWA
Wes Morgan
cap10morgan commented

When the openssl library cannot verify a server certificate because the hostnames don't match, it outputs the error message: "hostname does not match the server certificate".

This causes people to throw their hands up and circumvent the security by disabling the cert verification or turning off SSL/TLS altogether.

It would be a huge improvement towards helping people debug and fix their mismatched certs if the error included the hostname that wasn't matching.

That's what my commit does.

Martin Bosslet
emboss commented

This looks fine to me!

@shyouhei It seems as if I cannot merge this directly. Could you please merge this or grant me the permission to do so? Thanks!

Ayumu AIZAWA ayumin closed this
Ayumu AIZAWA
Collaborator
ayumin commented

This patch was merged by r35494. Thanks.

Martin Bosslet
emboss commented

@ayumin Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 25, 2012
  1. Wes Morgan

    add hostname to "hostname does not match server cert." error

    cap10morgan authored
    8c3854c
This page is out of date. Refresh to see the latest.
Unified Split
Showing with 1 addition and 1 deletion.
  1. +1 1  ext/openssl/lib/openssl/ssl.rb
2  ext/openssl/lib/openssl/ssl.rb
View
@@ -126,7 +126,7 @@ class SSLSocket
def post_connection_check(hostname)
unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
- raise SSLError, "hostname does not match the server certificate"
+ raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
end
return true
end
Something went wrong with that request. Please try again.