Bug #2151

Issues with SSL verification of proxies

Added by Dominic Cleal about 7 years ago. Updated about 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Authentication
Target version:
Difficulty:
Triaged: No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Some issues thrown up during testing of #2121:

  • support DN instead of only CN, since nginx can't pass just the CN
  • empty CN shouldn't be accepted
  • change from rDNS of request IP to forward DNS of smart proxies?
  • support headers instead of env vars?

Related issues

Related to Foreman - Bug #2121: Unauthenticated YAML fact and reports importers can be exploited (Closed, 2013-01-09)

Associated revisions

Revision a79b633b (diff)
Added by Dominic Cleal about 7 years ago

fixes #2151 - use DN environment variable instead of CN

nginx is unable to pass bits of the X.509 subject, only the entire DN, so
support that as a lowest common denominator.
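
An added illustration of the first two items in the description and of the change in this revision (not Foreman's code): a hypothetical Ruby helper that takes the whole subject DN string handed over by the web server, extracts the CN with Ruby's OpenSSL bindings, and rejects a missing, empty or ambiguous CN. The method names, sample DNs and allowed-host list are constructed for the example.

```ruby
require 'openssl'

# Hypothetical helper (added example, not Foreman's implementation).
# Returns the single non-empty CN found in a subject DN string, or nil
# when the DN must be rejected.
def cn_from_subject_dn(dn)
  return nil if dn.nil? || dn.strip.empty?
  dn = dn.strip

  name = if dn.start_with?('/')
           # Legacy OpenSSL one-line form: "/C=US/O=Example/CN=host"
           OpenSSL::X509::Name.parse_openssl(dn)
         else
           # RFC 2253 form: "CN=host,O=Example,C=US"
           OpenSSL::X509::Name.parse_rfc2253(dn)
         end

  cns = name.to_a
            .select { |attr, _value, _type| attr == 'CN' }
            .map { |_attr, value, _type| value.to_s.strip }

  # Assumption of this example: exactly one CN is required, so a DN with
  # several CN attributes cannot be read two different ways.
  return nil unless cns.size == 1

  cn = cns.first
  cn.empty? ? nil : cn
rescue OpenSSL::X509::NameError, TypeError, ArgumentError
  # Malformed DN, or a CN value the OpenSSL bindings refuse (e.g. empty).
  nil
end

# Hypothetical check: the CN must match one of the known proxy hostnames.
# An empty or missing CN never matches, even if the list holds an empty entry.
def trusted_proxy?(dn, allowed_hosts)
  cn = cn_from_subject_dn(dn)
  return false if cn.nil?
  allowed_hosts.any? { |host| host.downcase == cn.downcase }
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  allowed = ['proxy.example.com']
  ['/C=US/O=Example/CN=proxy.example.com',
   'CN=proxy.example.com,O=Example,C=US',
   '/C=US/O=Example/CN=',
   '/C=US/O=Example'].each do |dn|
    puts format('%-45s trusted=%s', dn.inspect, trusted_proxy?(dn, allowed))
  end
end
```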

History

#1 Updated by Dominic Cleal about 7 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.1

https://github.com/theforeman/foreman/pull/389

I was going to change the rDNS scheme as well, but decided that I'll mention it in my e-mail to foreman-users to get feedback (will send as soon as the installer PR's merged).

#2 Updated by Dominic Cleal about 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
