DC: certificate warning returned when execute system command against subcloud on system controller
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Andy |
Bug Description
Brief Description
-----------------
Following warning is returned when running a system command for subcoud from system controller.
Admin endpoint was used as os auth url.
[sysadmin@
/usr/lib/
As per Greg:
subcloud1-
From Andy:
I think that's a bug with the cert. We didn't pay a lot of attention to RFC2818, where looks like subjectAltName is checked before CN.
If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.
But I didn't see in it if the SAN is ipAddress, what should be checked first ... I assume SAN should always checked before CN.
Severity
--------
Major
Steps to Reproduce
------------------
- Install and configured a DC system with subclouds
- On DC system controller, run a system command for subcloud region using subcloud admin endpoint for authentication
e.g.,
system --os-auth-url https://[fd01:12:
Expected Behavior
------------------
- cmd runs successfully without any warning
Actual Behavior
----------------
- cmd was successful, but additional certificate warning displayed
Reproducibility
---------------
[Reproducible/
System Configuration
-------
Distributed Cloud
Branch/Pull Time/Commit
-------
"2020-06-
Last Pass
---------
Unknown
Timestamp/Logs
--------------
[sysadmin@
/usr/lib/
SubjectAltNam
+----+-
| id | hostname | personality | administrative | operational | availability |
+----+-
| 1 | controller-0 | controller | unlocked | enabled | available |
+----+-
Tue Jul 7 19:15:38 UTC 2020
Test Activity
-------------
Normal use
Changed in starlingx: | |
status: | New → Triaged |
importance: | Undecided → Medium |
tags: | added: stx.5.0 stx.distcloud |
Changed in starlingx: | |
assignee: | nobody → Andy (andy.wrs) |
Fix proposed to branch: master /review. opendev. org/747971
Review: https:/