bzr does not send SNI
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Confirmed
|
Medium
|
Unassigned |
Bug Description
It seems that bzr does not send a Server Name Indication with HTTPS requests so it does not work with hosts that have several different certificates on the same IP:
pierre@
bzr: ERROR: Certificate error: hostname 'svn.strasweb.fr' doesn't match either of 'www2.strasweb.fr', 'strasweb.fr'
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: bzr 2.6.0~beta2-
ProcVersionSign
Uname: Linux 3.5.0-19-generic i686
ApportVersion: 2.6.1-0ubuntu6
Architecture: i386
Date: Wed Dec 12 22:27:48 2012
MarkForUpload: True
PackageArchitec
SourcePackage: bzr
UpgradeStatus: Upgraded to quantal on 2012-10-25 (48 days ago)
Changed in bzr: | |
status: | Expired → New |
Changed in bzr: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
> bzr: ERROR: Certificate error: hostname 'svn.strasweb.fr' doesn't match either of 'www2.strasweb.fr', 'strasweb.fr'
It looks like bzr is trying the strasweb.fr certificate instead of the svn.strasweb.fr.
Can you try 'bzr pull -Dhttp' and attach the relevant part of your Bazaar log file ('bzr version' will tell you where it's located). There shouldn't be any sensitive data in there but have a look and anonymize as you see fit. What we need to see if which host is contacted when which '-Dhttp' should telll us.