Actions
Bug #13817
closed
ENC smart proxy validation fails
Difficulty:
Triaged:
Bugzilla link:
Description
Using latest nightly and encountered the following error: No smart proxy server found on [] and is not in trusted_puppetmaster_hosts
As you can see it wasn't listing the connecting smart proxy / host. Dug into the code and found the following section of code:
if certificate.subject_alternative_names
request_hosts += certificate.subject_alternative_names
elsif certificate.subject
request_hosts << certificate.subject
end
Testing of certificate.subject_alternative_names always evaluates to true even when no SAN. This results in request_hosts to be empty and authentication of the request fails.
Updated by Matthew Ceroni almost 9 years ago
Created pull request to fix issue:
Updated by Anonymous almost 9 years ago
- Category set to Security
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3213 added
Updated by Dominic Cleal almost 9 years ago
- Assignee set to Matthew Ceroni
- Translation missing: en.field_release set to 71
Updated by Dominic Cleal almost 9 years ago
- Related to Feature #12127: Foreman should verify x509 subject alternative names when authenticating a smart proxy added
Updated by The Foreman Bot almost 9 years ago
- Pull request https://github.com/theforeman/foreman/pull/3277 added
Updated by Anonymous almost 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset f441da9df0f835b1db166724c6ebbc2a695bc498.
Updated by
Actions