Project

General

Profile

Bug #14916

CDN url is allowed to be "https", which only works for one hostname

Added by Chris Duryee about 3 years ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Katello only ships with TLS CA certs for cdn.redhat.com1. However, the CDN url edit page in the web UI allows for any HTTPS url. This causes confusion since users will put HTTPS, then later during sync, get a remote host verification error since the CA doesn't match the host.

For now, katello should only allow "http" URLs with the exception of "cdn.redhat.com". This catches TLS issues that may appear later during sync.

[1] https://github.com/Katello/katello/tree/master/ca

Associated revisions

Revision 850a07fe (diff)
Added by Chris Duryee about 3 years ago

Fixes #14916 - restrict https to 'cdn.redhat.com' (#6016)

Katello only ships with a CA cert for `cdn.redhat.com`. However, users
are allowed to put any https URL into the manifest URL page. This
caused TLS sync errors which are not apparent until later when a sync
is kicked off.

Instead, validate the URL to ensure that it is either a `http` URL, or
is `https://cdn.redhat.com`.

History

#1 Updated by The Foreman Bot about 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/6016 added

#2 Updated by Eric Helms about 3 years ago

  • Legacy Backlogs Release (now unused) set to 143

#3 Updated by Chris Duryee about 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF