janus-ssp / php-x509-validate

PHP library for validating X.509 certificates (SSL) using openssl command

Fix to use SNI when pulling certificate from server with multiple vhosts #3

Closed tvdijen closed 8 years ago

tvdijen commented 8 years ago

When connecting to a host that serves multiple (sub)-domains, the original command would return the certificate for the default or first-defined vhost. This leads to the wrong certificate being pulled, which in turn leads to a failing certificate check in Janus (see picture).

In the example below, I have connected an IdP (idp.moo-archive.nl) that is hosted on an Apache machine that serves multiple domains (idp.moo-archive.nl and demo.moo-archive.nl). The certificate-check incorrectly pulls the certificate for demo.moo-archive.nl from the server, because the command lacks the SNI parameter.

[Image: naamloos]
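
The SNI behaviour described above, as an added example that is not part of the original pull request and not the library's own code: POSIX shell functions that pass `-servername` to `openssl s_client` and then check that the returned certificate's subjectAltName covers the requested host, which flags the wrong-vhost case. All function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not code from php-x509-validate. Function names are assumptions.

# Accept only plain DNS names, so the value cannot be read as an option.
valid_host() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# Fetch the leaf certificate as PEM, naming the wanted vhost via SNI.
fetch_cert() (
    host=$1; port=${2:-443}
    valid_host "$host" || { echo "invalid host: $host" >&2; exit 2; }
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM
)

# Does one certificate name (exact or "*.example.org") cover the host?
name_covers_host() (
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$name" in
        \*.*)   # a wildcard stands for exactly one left-most label
            suffix=${name#\*}
            label=${host%"$suffix"}
            [ -n "$label" ] && [ "$label" != "$host" ] || exit 1
            case "$label" in *.*) exit 1 ;; esac
            exit 0 ;;
        *)  [ "$name" = "$host" ] ;;
    esac
)

# Scan the "DNS:a, DNS:b" text printed by
#   openssl x509 -noout -ext subjectAltName   (OpenSSL 1.1.1 or later)
san_covers_host() (
    set -f    # keep "*.example.org" from being glob-expanded
    for entry in $(printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *DNS://p'); do
        name_covers_host "$entry" "$2" && exit 0
    done
    exit 1
)

# Report when the server handed back a certificate for a different vhost.
check_vhost_cert() (
    san=$(fetch_cert "$1" "$2" | openssl x509 -noout -ext subjectAltName) || exit 2
    san_covers_host "$san" "$1" || { echo "certificate does not cover $1" >&2; exit 1; }
)
```

`check_vhost_cert <host> [port]` exits 0 when the certificate fetched with SNI names the host, 1 when it does not, and 2 when no certificate could be read.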

relaxnow commented 8 years ago

This makes sense to me, @thijskh do you want me to merge this and tag a new release for this lib and janus?

thijskh commented 8 years ago

@relaxnow Tim has been submitting a stream of improvements in recent weeks, maybe wait to see if some more changes come before we tag a new release? @tvdijen

tvdijen commented 8 years ago

I have nothing coming up right now and most of my improvements are cosmetic anyway. Since the current 1.22 release is broken, I'd say go for it!

relaxnow commented 8 years ago

@thijskh agree?

thijskh commented 8 years ago

Agree

relaxnow commented 8 years ago

https://github.com/janus-ssp/janus/releases/tag/1.22.1