Closed Bug 923879 Opened 12 years ago Closed 11 years ago

RSS feed broken because of certificate mismatch

Categories

(Webtools Graveyard :: Air Mozilla, defect)

Product:
Webtools Graveyard
Component:
Air Mozilla
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: markus, Unassigned)

Details

When I try to subscribe to any feed from https://air.mozilla.org/feed/* I get an error in my RSS reader, saying the following: Couldn't download the specified URL: 51 SSL: certificate subject name 'tbpl.mozilla.org' does not match target host name 'air.mozilla.org' Can anyone reproduce this, or is it my reader (Tiny Tiny RSS) that is buggy?
Hi! Thanks for the bug report. I saw the same certificate warning for https://air.mozilla.org/ last week, but I cannot reproduce it now. It would be a problem with the server config (or an attempt to intercept) not a bug in your RSS reader. Chris, has anything changed recently with the air.mozilla.org cert, or can you think of a reason we'd be serving the wrong one only some of the time?
Hmm, so both sites use the same IP address. Perhaps the problem is that Tiny Tiny RSS doesn't implement TLS server name information?
Component: Other → Air Mozilla
Product: Air Mozilla → Webtools
Version: unspecified → other
we used to terminate ssl on a shared virtual ip (vip) on our load balancer using serer name indication (tls sni). the error reported here would indicate that the tiny tiny rss client not honor sni. http://en.wikipedia.org/wiki/Server_Name_Indication last fall we moved away from this model to have shared vips use the x.509 subject alternative name extension, which actually resolve this :)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Yes, I can confirm that I can now subscribe to the feeds using Tiny Tiny RSS.
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.