commit 20a7a26c165edef401eb3ebd775000b9d9ab71b5
Author: Michael Johnson <email address hidden>
Date: Wed Nov 22 21:45:44 2023 +0000
Fix issue with certificates with no subject or CN
This patch fixes an issue where if the user attempts to use a
certificate that does not have a subject or CN, we would fail to create
a listener using the certificate.
Per the x.509 specification, a blank subject is allowed as long as the
subjectAltName extension is present in the certificate.
Octavia will now check for the a valid subAltName if the subject CN can
not be retrieved. If both are missing an appropriate error is raised for
the user.
Closes-Bug: #2043582
Change-Id: I06911f42b9bf29cf9a5f2e76d8333d8a2f1bc60b
(cherry picked from commit 73cdee503ff1cb3419d8db0295b20b2b6ddf30c0)
Reviewed: https:/ /review. opendev. org/c/openstack /octavia/ +/905099 /opendev. org/openstack/ octavia/ commit/ 20a7a26c165edef 401eb3ebd775000 b9d9ab71b5
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/2023.1
commit 20a7a26c165edef 401eb3ebd775000 b9d9ab71b5
Author: Michael Johnson <email address hidden>
Date: Wed Nov 22 21:45:44 2023 +0000
Fix issue with certificates with no subject or CN
This patch fixes an issue where if the user attempts to use a
certificate that does not have a subject or CN, we would fail to create
a listener using the certificate.
Per the x.509 specification, a blank subject is allowed as long as the
subjectAltName extension is present in the certificate.
Octavia will now check for the a valid subAltName if the subject CN can
not be retrieved. If both are missing an appropriate error is raised for
the user.
Closes-Bug: #2043582 cf9a5f2e76d8333 d8a2f1bc60b 419d8db0295b20b 2b6ddf30c0)
Change-Id: I06911f42b9bf29
(cherry picked from commit 73cdee503ff1cb3