[lucid] ubuntuone-preferences: SSL hostname validation failed

Bug #1081144 reported by Roman Yepishev
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Ubuntu One Client | Won't Fix | Undecided | Unassigned | |
| ubuntuone-client (Ubuntu) | Won't Fix | Medium | Ubuntu One Client Engineering team | |
Nominated for Lucid by Roman Yepishev

Bug Description

New lucid accounts cannot register or add a new machine.

At the moment ubuntuone-preferences shows an error message:

Authorization Error
[Errno socket error] SSL hostname validation failed

This is happening because ubuntuone.com (which is referenced from lucid clients) has the subject field of its SSL certificate set to *.ubuntuone.com, and the monkey-patched SSL verification checks the subject field only.

ubuntuone.com is present in subjectAltName but it is not being checked.

FIXED by changing the certificate on the server side.
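
The mismatch described above, as an added example (not the ubuntuone-client code or its patch): a subject-only hostname check beside a SAN-aware one, run over constructed certificate dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names and the certificate contents are assumptions made for illustration.

```python
# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); they are not the real ubuntuone.com certificates.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.ubuntuone.com"),),),
    "subjectAltName": (("DNS", "*.ubuntuone.com"), ("DNS", "ubuntuone.com")),
}
NON_WILDCARD_CERT = {"subject": ((("commonName", "ubuntuone.com"),),)}


def name_matches(pattern, hostname):
    """Compare one certificate name with a hostname; '*' covers exactly one
    left-most label, so '*.ubuntuone.com' never matches 'ubuntuone.com'."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def dns_alt_names(cert):
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def match_subject_only(cert, hostname):
    """Model of the check described in the report: subject field only."""
    return any(name_matches(cn, hostname) for cn in common_names(cert))


def match_with_san(cert, hostname):
    """SAN-aware check: dNSName entries decide; the subject CN is a fallback
    only when the certificate carries no dNSName at all (RFC 6125)."""
    names = dns_alt_names(cert) or common_names(cert)
    return any(name_matches(n, hostname) for n in names)


if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("non-wildcard", NON_WILDCARD_CERT)):
        print(label,
              "subject-only:", match_subject_only(cert, "ubuntuone.com"),
              "SAN-aware:", match_with_san(cert, "ubuntuone.com"))
```

The non-wildcard case shows why the server-side certificate change was enough for clients that only read the subject field.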

Roman Yepishev (rye) wrote :
tags: added: u1-support
Roman Yepishev (rye)
description: updated
Roman Yepishev (rye) wrote :

Updated CVE patch originated from LP:882062

Changed in ubuntuone-client (Ubuntu):
assignee: nobody → Ubuntu One Client Engineering team (ubuntuone-client-engineering)
status: New → Confirmed
importance: Undecided → Medium
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "CVE-2011-4409.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Roman Yepishev (rye) wrote :

oauth_urls which uses the new urls and can be used as a workaround for the issue.

description: updated
Roman Yepishev (rye)
description: updated
Roman Yepishev (rye)
description: updated
Roman Yepishev (rye) wrote :

This was fixed by changing ubuntuone.com certificate to a non-wildcard one.

description: updated
Changed in ubuntuone-client (Ubuntu):
status: Confirmed → Won't Fix
Changed in ubuntuone-client:
status: New → Won't Fix