Bug #32288: Server CA cert not verified for IPA token API call - Smart Proxy - Foreman

Actions

Copy link

Bug #32288

closed

Server CA cert not verified for IPA token API call

Added by Lukas Zapletal over 3 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Lukas Zapletal

Category:

Security

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

1948006

Pull request:

https://github.com/theforeman/smart-proxy/pull/787

Fixed in Releases:

Foreman - 2.5.0

Found in Releases:

Red Hat JIRA:

Description

Smart proxy ignores CA server certificate for a HTTPS call to IPA when fetching the token:

https://github.com/theforeman/smart-proxy/blob/88fbc8e67d665e2c3b19acb53b31ff30acf078b7/modules/realm_freeipa/provider.rb#L32-L38

There should be a setting to verify CA cert (enabled by default), an installer option and instructions in our documentation on how to enroll na CA cert into the OS cert store.

This issue was reported by Evgeni Golov, thank you.

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Bug #32288

Server CA cert not verified for IPA token API call

Updated by Lukas Zapletal over 3 years ago

Updated by The Foreman Bot over 3 years ago

Updated by The Foreman Bot over 3 years ago

Updated by Anonymous over 3 years ago

Updated by Lukas Zapletal over 3 years ago

Updated by The Foreman Bot over 3 years ago

Updated by Ewoud Kohl van Wijngaarden over 3 years ago