
Re: How to make apt-transport-https accept security.debian.org bad certificate?



-------- Forwarded Message --------
clicked reply, not reply list...

On 20/10/15 00:15, Mario Castelán Castro wrote:
> My question is: How can I make "apt-get" accept the certificate 
> anyway, but only _this_ certificate or other certificates that are 
> otherwise valid but have the same subdomain mismatch error (it 
> should reject a bogus certificate from an attacker)? In addition, 
> where is the correct place to report this error?

As far as I'm aware, most applications that connect using SSL won't
accept an invalid cert on the basis of incorrect domain (even if it's
a trusted cert). (Like I think the issue is here.)

What you could try is an /etc/hosts entry to use the same domain as
the cert (if the server will accept that domain).

For untrusted certs (I don't think this is the issue here), you can
always import these into either the OS, or the application (e.g. Java
uses jsecerts under lib security).

Perhaps there is also a flag for apt to ignore SSL errors, but
wouldn't that defeat the purpose of SSL?

Try /etc/hosts if you don't mind mapping the domain (you may not want
to do this as you won't be able to visit the domain you are re-mapping).

Kind Regards,
Mike

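The two failure modes the reply above separates (a trusted certificate presented for the wrong name, versus an untrusted certificate), as an added example that is not part of the original message. The SAN lists, the `verify` and `dns_id_matches` helpers and the `example.org` names are constructed for illustration; the real certificate's names are not given in the thread.

```python
# Added illustration of why a client rejects a trusted cert on a name mismatch.
# All certificate names below are constructed sample data.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def dns_id_matches(pattern, hostname):
    """RFC 6125-style match of one dNSName SAN entry against the requested host."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and must not
        # sit directly on a top-level domain ("*.org" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # strict: no partial or embedded wildcards
    return p == h

def verify(requested_host, san_dns_names, chain_trusted):
    """Model the two independent checks a TLS client performs.

    requested_host is the name from the sources.list URL, not the IP that
    /etc/hosts or DNS resolves it to; that is why remapping the cert's own
    name in /etc/hosts and connecting under that name passes the check.
    """
    if not chain_trusted:
        return "untrusted chain"      # fixed by importing a CA, not by renaming
    if not any(dns_id_matches(s, requested_host) for s in san_dns_names):
        return "hostname mismatch"    # trusted issuer, wrong name
    return "ok"

if __name__ == "__main__":
    san = ["mirror.example.org", "*.cdn.example.org"]  # constructed SAN list
    print(verify("security.debian.org", san, True))    # hostname mismatch
    print(verify("mirror.example.org", san, True))     # ok
    print(verify("mirror.example.org", san, False))    # untrusted chain
```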

