Project

General

Profile

Feature #12127

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Added by Timo Goebel almost 4 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Smart proxies
Target version:
Difficulty:
easy
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Foreman should verify the san attributes of the client cert if they are set in the certificate. Currently only the dn is checked.
This helps in a ha environment when using the vipname in the san.

https://github.com/theforeman/foreman/blob/1.10-stable/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L49


Related issues

Related to Foreman - Bug #13817: ENC smart proxy validation failsClosed2016-02-19
Has duplicate Foreman - Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxyDuplicate2015-10-09

Associated revisions

Revision 3ba1fa7c (diff)
Added by Timo Goebel almost 4 years ago

fixes #12127 - verify x509 subject alternative names when authenticating a smart proxy

History

#1 Updated by Dominic Cleal almost 4 years ago

  • Has duplicate Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxy added

#2 Updated by The Foreman Bot almost 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2807 added
  • Pull request deleted ()

#3 Updated by Dominic Cleal almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 71

#4 Updated by Anonymous almost 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #13817: ENC smart proxy validation fails added

Also available in: Atom PDF