The connection doesn’t fail because Syncthing verifies the device ID. I’m not sure what your second question is. This documentation article is relevant: https://docs.syncthing.net/dev/device-ids.html
I try to make a Certificate.
with openssl but the connect asks the CN (3rd party)
not at syncthing (device ID)?
How is the Certificate made for syncthing?
Syncthing expects the CN to be syncthing - there is an advanced config you can set to another value per device if you want to use a custom certificate with a different CN. Apart from that it’s just a regular self signed certificate, no magic.
Those are key usage bits, but in like dutch or something. We set the bits for encryption, digital signatures, server auth, and client auth when creating the certificate. We don’t actually care what bits are set after that point, other than what the Go TLS client might enforce by default.
so standard extensions as “Key Usage”, “Extended Key Usage”, “Subject Key Identifier” are info on Certificate, and not used in go (syncthing, other code). Or is it ignored in sycthing only.
I expect this error:
sslErrors:
"The host name did not match any of the valid hosts for this certificate"
end sslErrors
Ok, I understand the basics of it. but this takes more time, I’m going to figure this out: openssl, go, QT before asking further questions. Thanks in advance.