Juju Charms Collection
apache2 package

self signed cert subjAltName should be used as fallback

Bug #1387333 reported by David Britton
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Juju Charms Collection)
In Progress
Medium
Unassigned

Bug Description

Since we are using subjAltName, we should put the CN in there as well as in CN proper. If it's an IP, it will not get correctly matched by some algorithms (like pycurl) if it's only in the CN:

2014-10-29 17:16:33,203 ERROR [PoolThread-twisted.internet.reactor-1] Error contacting the server at https://129.115.192.2:8443/message-system.
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/landscape/broker/transport.py", line 71, in exchange
    message_api)
  File "/usr/lib/python2.7/dist-packages/landscape/broker/transport.py", line 45, in _curl
    headers=headers, cainfo=self._pubkey, curl=curl))
  File "/usr/lib/python2.7/dist-packages/landscape/lib/fetch.py", line 101, in fetch
    raise PyCurlError(e.args[0], e.args[1])
PyCurlError: Error 51: SSL: certificate subject name (129.115.192.2) does not match target host name '129.115.192.2'

David Britton (dpb)
Changed in apache2 (Juju Charms Collection):
status: New → In Progress
importance: Undecided → Medium
David Britton (dpb)
Changed in apache2 (Juju Charms Collection):
assignee: David Britton (davidpbritton) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.