Project

General

Profile

Bug #9089

SSL client certification cannot be disabled per plugin

Added by Sachin Ghai almost 6 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Urgent
Category:
Core
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Was trying to doscover a host via foreman proxy and set following params in defauly pxe file:

proxy.url=https://<fqdn>:9090 and proxy.type=proxy

Host was discocovered and registered with server.. but facts import was unsuccessful.

Following error was on host console:
foreman 403: no client SSL certificate supplied.

Processing by Api::V2::DiscoveredHostsController#facts as JSON
Parameters: {"facts"=>"[FILTERED]", "apiv"=>"v2", "discovered_host"=>{"facts"=>"[FILTERED]"}}
Import facts for 'sghai525400c94926' completed. Added: 58, Updated: 0, Deleted 0 facts
Discovered facts import unsuccessful, skipping auto provisioning
Completed 201 Created in 451ms (Views: 10.3ms | ActiveRecord: 0.5ms)

Associated revisions

Revision 0207401d (diff)
Added by Lukas Zapletal almost 6 years ago

Fixes #9089 - refactored SSL client verification into method

History

#1 Updated by Lukas Zapletal almost 6 years ago

  • Priority changed from Normal to Urgent

This one is a bummer to, proxy expects client certificates for all requests coming via https. We need to safely turn this off for some paths in lib/sinatra/ssl_client_verification.rb (per-plugin). We need an plugin API I think for this.

#2 Updated by Ori Rabin almost 6 years ago

  • Priority changed from Urgent to High

Because of the amount of changes needed to fix this and the fact that RC2 should be released today,
https will not be supported for proxy communication this version.
Documentation has been updated.

#3 Updated by Lukas Zapletal almost 6 years ago

  • Project changed from Discovery to Smart Proxy
  • Subject changed from Host discovery via foreman proxy(with https) doesn't import facts on server due to error: 403: no client SSL certificate supplied to SSL client certification cannot be disabled per plugin
  • Category changed from Smart Proxy Plugin to Core
  • Priority changed from High to Urgent

#4 Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart_proxy_discovery/pull/4 added
  • Pull request deleted ()

#5 Updated by Anonymous almost 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Dominic Cleal almost 6 years ago

  • Legacy Backlogs Release (now unused) set to 28

#7 Updated by Lukas Zapletal over 5 years ago

  • Pull request https://github.com/theforeman/smart_proxy_discovery/pull/7 added
  • Pull request deleted (https://github.com/theforeman/smart_proxy_discovery/pull/4)

Also available in: Atom PDF