id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
2791	Tahoe CLI / SSL certificate	cedric		"Hi,

I'm running a small grid with few nodes.
I use the Web API through HTTPS with self-signed certificates/internal CA.
I'm dealing with some trouble when I call the tahoe CLI (e.g. tahoe create-alias...).

""tahoe create-alias test"" returns an error:
{{{
Traceback (most recent call last):
  File ""/venv/local/lib/python2.7/site-packages/allmydata/scripts/runner.py"", line 162, in run
    rc = runner(sys.argv[1:], install_node_control=install_node_control)
  File ""/venv/local/lib/python2.7/site-packages/allmydata/scripts/runner.py"", line 147, in runner
    rc = cli.dispatch[command](so)
  File ""/venv/local/lib/python2.7/site-packages/allmydata/scripts/cli.py"", line 486, in create_alias
    rc = tahoe_add_alias.create_alias(options)
  File ""/venv/local/lib/python2.7/site-packages/allmydata/scripts/tahoe_add_alias.py"", line 85, in create_alias
    resp = do_http(""POST"", url)
  File ""/venv/local/lib/python2.7/site-packages/allmydata/scripts/common_http.py"", line 70, in do_http
    c.endheaders()
  File ""/usr/lib/python2.7/httplib.py"", line 997, in endheaders
    self._send_output(message_body)
  File ""/usr/lib/python2.7/httplib.py"", line 850, in _send_output
    self.send(msg)
  File ""/usr/lib/python2.7/httplib.py"", line 812, in send
    self.connect()
  File ""/usr/lib/python2.7/httplib.py"", line 1212, in connect
    server_hostname=server_hostname)
  File ""/usr/lib/python2.7/ssl.py"", line 350, in wrap_socket
    _context=self)
  File ""/usr/lib/python2.7/ssl.py"", line 566, in __init__
    self.do_handshake()
  File ""/usr/lib/python2.7/ssl.py"", line 796, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File ""/usr/lib/python2.7/ssl.py"", line 273, in match_hostname
    % (hostname, dnsnames[0]))
CertificateError: hostname '127.0.0.1' doesn't match u'Myhostname'
}}}

The SSL certificate has CN=Myhostname and an alternative name IP.1=127.0.0.1.
The CA certificate is available in /etc/ssl/certs/ and c_rehash has been done.

openssl s_client -connect 127.0.0.1:3456 -CApath /etc/ssl/certs/ returns ""Ok"".

It seems that ssl.py only tries to verify CN == hostname; there is no verification of the alternative name.

The only way I've found to get the tahoe CLI working is to change node.url by replacing https://127.0.0.1:3456 with https://Myhostname:3456.

Did I miss something?

Thanks for your help and thanks for the great job on Tahoe-LAFS!
"	defect	new	normal	undecided	code-frontend-cli	1.11.0				
