Feature #12127: Foreman should verify x509 subject alternative names when authenticating a smart proxy - Foreman

Actions

Copy link

Feature #12127

closed

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Added by Timo Goebel over 9 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Timo Goebel

Category:

Smart Proxy

Target version:

1.11.0

Difficulty:

easy

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/2807

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Foreman should verify the san attributes of the client cert if they are set in the certificate. Currently only the dn is checked.
This helps in a ha environment when using the vipname in the san.

https://github.com/theforeman/foreman/blob/1.10-stable/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L49

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

	Related to Foreman - Bug #13817: ENC smart proxy validation fails	Closed	Matthew Ceroni	02/19/2016			Actions
	Has duplicate Foreman - Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxy	Duplicate	Timo Goebel	10/09/2015			Actions

Project

General

Profile

Custom queries

Feature #12127

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Updated by Dominic Cleal over 9 years ago

Updated by The Foreman Bot over 9 years ago

Updated by Dominic Cleal about 9 years ago

Updated by Anonymous about 9 years ago

Updated by Dominic Cleal almost 9 years ago