Project

General

Profile

Actions
Copy link

Feature #12127

closed

Foreman should verify x509 subject alternative names when authenticating a smart proxy

Added by Timo Goebel over 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Timo Goebel
Category:
Smart Proxy
Target version:
1.11.0
Difficulty:
easy
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/2807
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Foreman should verify the san attributes of the client cert if they are set in the certificate. Currently only the dn is checked.
This helps in a ha environment when using the vipname in the san.

https://github.com/theforeman/foreman/blob/1.10-stable/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L49

Related issues 2 (0 open2 closed)

Related to Foreman - Bug #13817: ENC smart proxy validation failsClosedMatthew Ceroni02/19/2016Actions
Has duplicate Foreman - Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxyDuplicateTimo Goebel10/09/2015Actions
Actions
Copy link
 #1

Updated by Dominic Cleal over 9 years ago

  • Has duplicate Bug #12126: Foreman should verify x509 subject alternative names when authenticating a smart proxy added
Actions
Copy link
 #2

Updated by The Foreman Bot over 9 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2807 added
  • Pull request deleted ()
Actions
Copy link
 #3

Updated by Dominic Cleal about 9 years ago

  • Translation missing: en.field_release set to 71
Actions
Copy link
 #4

Updated by Anonymous about 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Dominic Cleal almost 9 years ago

  • Related to Bug #13817: ENC smart proxy validation fails added
Actions
Copy link

Also available in: Atom PDF