Metadata download error

Peter Schober peter.schober at
Thu Apr 3 12:09:06 EDT 2014

* Cantor, Scott <cantor.2 at> [2014-04-03 17:52]:
> I think curl is using SNI now to signal the name of the vhost to
> connect to.
> Newer OpenSSL versions also support that. I just tested that with
> -servername in the s_client command, and it gets back the right cert.

Ah, right. Time to adjust old habits when checking this.

So that means the OP's problem is a server relying on SNI support in
the HTTPS client for secure connections, which fails for the IDP.
Also would explain why tools on RHEL6 would work, if they gained SNI
support since RHEL5.

Would using a newer JRE alone fix this for the OP or does that involve
updating libraries in the IDP?

Seems the (unwanted) workaround of using external tools to pull the
metadata (if you must do that) is easiest.

More information about the users mailing list