Warn when connecting without server-identity set
Using ~ten lines of Python/GI to connect to google.com:443 and start a TLS connection, I always get bad-certificate.
gi.repository.GLib.Error: g-tls-error-quark: Unacceptable TLS certificate (2)
Connecting to accept-certificate shows that G_TLS_CERTIFICATE_UNKNOWN_CA is set. However Epiphany works, and gnutls-cli to the same host seems to work fine:
$ gnutls-cli 216.58.213.100 --sni-hostname=www.google.com --verify-hostname=www.google.com
...
- Status: The certificate is trusted.
My test case is at https://gist.github.com/rossburton/49d124f56d54c4c849de214921841c90. Exporting GNUTLS_DEBUG_LEVEL=9 will make gnutls dump more (but not always useful) details.
Edited by Michael Catanzaro