Project

General

Profile

Actions
Copy link

Bug #12126

closed

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Added by Timo Goebel over 9 years ago. Updated over 9 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Timo Goebel
Category:
Smart Proxy
Target version:
-
Difficulty:
easy
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Foreman should verify the san attributes of the client cert if they are set in the certificate. Currently only the dn is checked.
This helps in a ha environment when using the vipname in the san.

https://github.com/theforeman/foreman/blob/1.10-stable/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L49

Related issues 1 (0 open1 closed)

Is duplicate of Foreman - Feature #12127: Foreman should verify x509 subject alternative names when authenticating a smart proxyClosedTimo Goebel10/09/2015Actions
Actions
Copy link
 #1

Updated by Dominic Cleal over 9 years ago

  • Is duplicate of Feature #12127: Foreman should verify x509 subject alternative names when authenticating a smart proxy added
Actions
Copy link
 #2

Updated by Dominic Cleal over 9 years ago

  • Status changed from New to Duplicate

Closing this one in favour of #12127.

Actions
Copy link
 #3

Updated by Timo Goebel over 9 years ago

Sorry for the duplicate, corporate proxy does strange things sometimes...

Actions
Copy link

Also available in: Atom PDF