Incorrect ssl-public-key causes silent failure of landscape-client
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
landscape-client-charm |
New
|
Undecided
|
Unassigned |
Bug Description
If you deploy landscape without SSL and you then go about enabling SSL, if you have an incorrectly configured ssl-public-key in the landscape-charm (meaning the cert is failing to handshake properly with the server (subject name mismatch, expiration, etc), the charm just happily sets up the CA and shows success while the landscape-client broker is spinning on the following in the log:
2019-05-15 17:16:27,172 INFO [MainThread] Message exchange failed.
2019-05-15 17:16:27,172 INFO [MainThread] Message exchange completed in 0.14s.
2019-05-15 17:17:27,319 INFO [MainThread] Starting urgent message exchange with https:/
2019-05-15 17:17:27,455 ERROR [PoolThread-
Traceback (most recent call last):
File "/usr/lib/
message_api)
File "/usr/lib/
headers=
File "/usr/lib/
raise PyCurlError(
PyCurlError: Error 51: SSL: certificate subject name (CN=myhost.maas) does not match target host name 'myhost.maas'
Of course, the above error was operator error in creating a subject with "CN=myhost.maas" resulting in the subject actually being CN=CN=myhost.maas, however, this needs to either be alerted on or needs to be shown as blocking/error in the juju model.
Should be fixed with /code.launchpad .net/~alitvinov /landscape- client- charm/Improve- reporting- lp1800687
https:/