-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - -------- Forwarded Message -------- clicked reply, not reply list...
On 20/10/15 00:15, Mario Castelán Castro wrote: > My question is: How can I make "apt-get" accept the certificate > anyway, but only _this_ certificate or other certificates that are > otherwise valid but have the same subdomain mismatch error (it > should reject a bogus certificate from an attacker)?. In addition, > where is the correct place to report this error?. as far as i'm aware most applications that connect using ssl won't accept an invalid cert on the basis of incorrect domain (even if it's a trusted cert). (like i think the issue is here). what you could try is an /etc/hosts entry to use the same domain as the cert (if the server will accept that domain). for untrusted certs (i don't think this is the issue here), you can always import these into either the OS, or the application (eg java uses jsecerts under lib security). perhaps there is also a flag for apt to ignore ssl errors, but wouldn't that defeat the purpose of ssl? try /etc/hosts if you don't mind mapping the domain (you may not want to do this as you won't be able to visit the domain you are re-mapping). Kind Regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWJYKvAAoJEOYwtpHNe8FmmU0IAIB0C5fPQNIqo+6zUhEOoQo9 7q/+BvcToGo3TaPnvWzGnRpRQLE0AZC2/kyp4fQCLzi9SdVodYvA+09uF/ku9AhL /Ri6byv0QsMjlm/f78efPxDz1JYCngDocVCfJl9/4SPKGzHQPvZY/CwQR0cqKQ0L zk7DIt5di67bMOrCW1R/YPECpYunyhRy9X42huujCzuLWaxCkL8qz4l3Zvu/kCW8 11qDmQOkzu9DGmKZ6DGe8i+3YgL+3lHFIdYitxG+AZlbUAtO7kak261dKM922yNk WQa/Kgta8x5tdZ5+1Uoje9sbUlAeOIyTuSgsc+f+RAWMHkhwuvNRcjs0o3ELypY= =46ee -----END PGP SIGNATURE-----
