Project

General

Profile

Actions

Feature #12127

closed

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Added by Timo Goebel over 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Smart Proxy
Target version:
Difficulty:
easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

Foreman should verify the san attributes of the client cert if they are set in the certificate. Currently only the dn is checked.
This helps in a ha environment when using the vipname in the san.

https://github.com/theforeman/foreman/blob/1.10-stable/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L49


Related issues 2 (0 open2 closed)

Related to Foreman - Bug #13817: ENC smart proxy validation failsClosedMatthew Ceroni02/19/2016Actions
Has duplicate Foreman - Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxyDuplicateTimo Goebel10/09/2015Actions
Actions #1

Updated by Dominic Cleal over 8 years ago

  • Has duplicate Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxy added
Actions #2

Updated by The Foreman Bot over 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2807 added
  • Pull request deleted ()
Actions #3

Updated by Dominic Cleal over 8 years ago

  • translation missing: en.field_release set to 71
Actions #4

Updated by Anonymous over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #5

Updated by Dominic Cleal about 8 years ago

  • Related to Bug #13817: ENC smart proxy validation fails added
Actions

Also available in: Atom PDF