Bug 1058840

Summary: Issues with secure websockets
Product: OpenShift Online Reporter: Nikhil Mone <nmone>
Component: ContainersAssignee: Rory Thrasher <rthrashe>
Status: CLOSED WONTFIX QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 2.xCC: abhgupta, erich, erjones, jgoulding, knakayam, mpatel, nmone, paul+redhat, pep, tiwillia, vbatts, yoan.yo
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-31 18:22:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nikhil Mone 2014-01-28 15:40:31 UTC 
Description of problem:

For requests made  on port 8443, the proxy server is always using the *.rhcloud.com SSL certificate, even for apps which have custom SSL certs


Version-Release number of selected component (if applicable):


How reproducible:

# curl -I -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: www.abc.com" https://www.abc.com:8443
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.


Steps to Reproduce:
1.
2.
3.

Actual results:

the proxy server is always using the *.rhcloud.com SSL certificate

Expected results:

It should use the custom certificate associated with app.

Additional info:
Comment 1 Mrunal Patel 2014-01-30 01:26:32 UTC 
This hasn't been implemented yet. I have added a card to track this feature request.

https://trello.com/c/YXoKyA8d/399-add-custom-ssl-support-for-node-web-proxy
Comment 4 Josep 'Pep' Turro Mauri 2014-12-03 11:37:52 UTC 
(In reply to Kenjiro Nakayama from comment #3)
> Looks same with https://bugzilla.redhat.com/show_bug.cgi?id=1160380

Yes. And from that bz, the "new" trello card is here:

https://trello.com/c/EzMdQCQn/571-add-per-app-ssl-certificate-support-to-the-nodejs-websocket-frontend-plugin
Comment 6 Mrunal Patel 2015-12-14 23:16:49 UTC 
Eric Jones,
I don't see the card either. We need a new card for this as it hasn't been implemented yet.
Comment 14 paulrbr 2017-04-01 23:48:33 UTC 
Hello,

I have been wondering why I can't reach my custom domain secured websocket until I found this open bug.

Is there any possibility to fix this on Openshift Online? Do you know if thus will be fixed one day?

Thanks for the help,
Comment 15 Eric Paris 2017-05-31 18:22:11 UTC 
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.