Hello Chris,
On 12.05.19 13:36, Chris Novakovic via RT wrote:
Show quoted text> Thanks for the report, Andreas.
>
> On Sun May 12 07:15:13 2019, voegelas wrote:
>> Testing Net::SSLeay 1.88 on Slackware64-current with OpenSSL 1.1.1b
>> fails in 15_altnames.t when connecting to www.google.com. This problem
>> might depend on the location, which is Germany in my case. I ran the
>> exernal tests in two locations, Stuttgart and Nuremberg. If
>> www.google.com is replaced with, for example, www.duckduckgo.com or
>> www.heise.de the tests pass.
>>
>> $ prove -v t/external/15_altnames.t
>> t/external/15_altnames.t ..
>> 1..9
>> ok 1 - connection
>> not ok 2 - get_subjectAltNames works
>>
>> my @sites = qw(
>> www.google.com
>> www.microsoft.com
>> www.kernel.org
>> );
>
> This does indeed appear to depend on your location, as the test passes fine from a UK IP address --- apart from test 2, does t/external/15_altnames.t pass for you?
Yes, www.microsoft.com and www.kernel.org are tested successfully.
If I connect to www.google.com with "openssl s_client -connect www.google.com:443 -servername www.google.com" I get the certificate attached in openssl.crt, which contains a subject alternative name.
I added the below line to 15_altnames.t.
print STDERR Net::SSLeay::PEM_get_string_X509($c);
This outputs the certificate attached in perl.crt. The certificate's subject is:
Subject: OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
The command "openssl s_client -connect www.google.com:443 -noservername" also returns the invalid certificate.
www.google.com resolves to the below addresses. I've got both IPv4 and IPv6, but that doesn't seem to matter.
$ host www.google.com
www.google.com has address 172.217.22.100
www.google.com has IPv6 address 2a00:1450:4001:81d::2004
