octavia

  1. Bug #2043582
  2. Comment #14

Comment 14 for bug 2043582

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to octavia (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/octavia/+/905099
Committed: https://opendev.org/openstack/octavia/commit/20a7a26c165edef401eb3ebd775000b9d9ab71b5
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 20a7a26c165edef401eb3ebd775000b9d9ab71b5
Author: Michael Johnson <email address hidden>
Date: Wed Nov 22 21:45:44 2023 +0000

    Fix issue with certificates with no subject or CN

    This patch fixes an issue where if the user attempts to use a
    certificate that does not have a subject or CN, we would fail to create
    a listener using the certificate.
    Per the x.509 specification, a blank subject is allowed as long as the
    subjectAltName extension is present in the certificate.
    Octavia will now check for the a valid subAltName if the subject CN can
    not be retrieved. If both are missing an appropriate error is raised for
    the user.

    Closes-Bug: #2043582
    Change-Id: I06911f42b9bf29cf9a5f2e76d8333d8a2f1bc60b
    (cherry picked from commit 73cdee503ff1cb3419d8db0295b20b2b6ddf30c0)