Project

General

Profile

Bug #32288

Server CA cert not verified for IPA token API call

Added by Lukas Zapletal almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Smart proxy ignores CA server certificate for a HTTPS call to IPA when fetching the token:

https://github.com/theforeman/smart-proxy/blob/88fbc8e67d665e2c3b19acb53b31ff30acf078b7/modules/realm_freeipa/provider.rb#L32-L38

There should be a setting to verify CA cert (enabled by default), an installer option and instructions in our documentation on how to enroll na CA cert into the OS cert store.

This issue was reported by Evgeni Golov, thank you.


Related issues

Related to Installer - Feature #32289: Option to toggle IPA API server CA verificationNew

Associated revisions

Revision 3bf19e08 (diff)
Added by Lukas Zapletal almost 2 years ago

Fixes #32288 - verify FreeIPA CA by default and new setting

History

#1 Updated by Lukas Zapletal almost 2 years ago

  • Related to Feature #32289: Option to toggle IPA API server CA verification added

#2 Updated by The Foreman Bot almost 2 years ago

  • Assignee set to Lukas Zapletal
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/787 added

#3 Updated by The Foreman Bot almost 2 years ago

  • Fixed in Releases 2.5.0 added

#4 Updated by Anonymous almost 2 years ago

  • Status changed from Ready For Testing to Closed

#5 Updated by Lukas Zapletal almost 2 years ago

  • Bugzilla link set to 1948006
  • Triaged changed from No to Yes

#6 Updated by The Foreman Bot over 1 year ago

  • Pull request https://github.com/theforeman/smart-proxy/pull/792 added

#7 Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Pull request deleted (https://github.com/theforeman/smart-proxy/pull/792)

Also available in: Atom PDF