Project

General

Profile

Actions

Bug #32288

closed

Server CA cert not verified for IPA token API call

Added by Lukas Zapletal almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Smart proxy ignores CA server certificate for a HTTPS call to IPA when fetching the token:

https://github.com/theforeman/smart-proxy/blob/88fbc8e67d665e2c3b19acb53b31ff30acf078b7/modules/realm_freeipa/provider.rb#L32-L38

There should be a setting to verify CA cert (enabled by default), an installer option and instructions in our documentation on how to enroll na CA cert into the OS cert store.

This issue was reported by Evgeni Golov, thank you.


Related issues 1 (1 open0 closed)

Related to Installer - Feature #32289: Option to toggle IPA API server CA verificationNewActions
Actions #1

Updated by Lukas Zapletal almost 3 years ago

  • Related to Feature #32289: Option to toggle IPA API server CA verification added
Actions #2

Updated by The Foreman Bot almost 3 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Lukas Zapletal
  • Pull request https://github.com/theforeman/smart-proxy/pull/787 added
Actions #3

Updated by The Foreman Bot almost 3 years ago

  • Fixed in Releases 2.5.0 added
Actions #4

Updated by Anonymous almost 3 years ago

  • Status changed from Ready For Testing to Closed
Actions #5

Updated by Lukas Zapletal almost 3 years ago

  • Triaged changed from No to Yes
  • Bugzilla link set to 1948006
Actions #6

Updated by The Foreman Bot over 2 years ago

  • Pull request https://github.com/theforeman/smart-proxy/pull/792 added
Actions #7

Updated by Ewoud Kohl van Wijngaarden over 2 years ago

  • Pull request deleted (https://github.com/theforeman/smart-proxy/pull/792)
Actions

Also available in: Atom PDF