Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxy - Foreman

Actions

Copy link

Bug #12126

closed

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Added by Timo Goebel over 9 years ago. Updated over 9 years ago.

Status:

Duplicate

Priority:

Normal

Assignee:

Timo Goebel

Category:

Smart Proxy

Target version:

Difficulty:

easy

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Foreman should verify the san attributes of the client cert if they are set in the certificate. Currently only the dn is checked.
This helps in a ha environment when using the vipname in the san.

https://github.com/theforeman/foreman/blob/1.10-stable/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L49

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #12126

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Updated by Dominic Cleal over 9 years ago

Updated by Dominic Cleal over 9 years ago

Updated by Timo Goebel over 9 years ago