Project

General

Profile

Actions

Bug #9089

closed

SSL client certification cannot be disabled per plugin

Added by Sachin Ghai over 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Urgent
Category:
Core
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Was trying to doscover a host via foreman proxy and set following params in defauly pxe file:

proxy.url=https://<fqdn>:9090 and proxy.type=proxy

Host was discocovered and registered with server.. but facts import was unsuccessful.

Following error was on host console:
foreman 403: no client SSL certificate supplied.

Processing by Api::V2::DiscoveredHostsController#facts as JSON
Parameters: {"facts"=>"[FILTERED]", "apiv"=>"v2", "discovered_host"=>{"facts"=>"[FILTERED]"}}
Import facts for 'sghai525400c94926' completed. Added: 58, Updated: 0, Deleted 0 facts
Discovered facts import unsuccessful, skipping auto provisioning
Completed 201 Created in 451ms (Views: 10.3ms | ActiveRecord: 0.5ms)

Actions #1

Updated by Lukas Zapletal about 9 years ago

  • Priority changed from Normal to Urgent

This one is a bummer to, proxy expects client certificates for all requests coming via https. We need to safely turn this off for some paths in lib/sinatra/ssl_client_verification.rb (per-plugin). We need an plugin API I think for this.

Actions #2

Updated by Ori Rabin about 9 years ago

  • Priority changed from Urgent to High

Because of the amount of changes needed to fix this and the fact that RC2 should be released today,
https will not be supported for proxy communication this version.
Documentation has been updated.

Actions #3

Updated by Lukas Zapletal about 9 years ago

  • Project changed from Discovery to Smart Proxy
  • Subject changed from Host discovery via foreman proxy(with https) doesn't import facts on server due to error: 403: no client SSL certificate supplied to SSL client certification cannot be disabled per plugin
  • Category changed from Smart Proxy Plugin to Core
  • Priority changed from High to Urgent
Actions #4

Updated by The Foreman Bot about 9 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart_proxy_discovery/pull/4 added
  • Pull request deleted ()
Actions #5

Updated by Anonymous about 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #6

Updated by Dominic Cleal about 9 years ago

  • translation missing: en.field_release set to 28
Actions #7

Updated by Lukas Zapletal about 9 years ago

  • Pull request https://github.com/theforeman/smart_proxy_discovery/pull/7 added
  • Pull request deleted (https://github.com/theforeman/smart_proxy_discovery/pull/4)
Actions

Also available in: Atom PDF