| Summary: | ENC smart proxy validation fails | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Bryan Kearney <bkearney> |
| Component: | Security | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Sanket Jagtap <sjagtap> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2.0 | CC: | bbuckingham, cwelton, kbidarka |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://projects.theforeman.org/issues/13817 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-07-27 11:34:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Created from redmine issue http://projects.theforeman.org/issues/13817 Moving to POST since upstream bug http://projects.theforeman.org/issues/13817 has been closed ------------- Matthew Ceroni Created pull request to fix issue: [[https://github.com/theforeman/foreman/pull/3213]] ------------- Anonymous Applied in changeset commit:f441da9df0f835b1db166724c6ebbc2a695bc498. Build: Satellite 6.2 Snap 19.1 Puppet was installed and configured on provisioned hosts and puppet reports were successfully submitted. Also, Puppet master is running successfully.. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1501 |
Using latest nightly and encountered the following error: No smart proxy server found on [] and is not in trusted_puppetmaster_hosts As you can see it wasn't listing the connecting smart proxy / host. Dug into the code and found the following section of code: @ if certificate.subject_alternative_names request_hosts += certificate.subject_alternative_names elsif certificate.subject request_hosts << certificate.subject end @ Testing of certificate.subject_alternative_names always evaluates to true even when no SAN. This results in request_hosts to be empty and authentication of the request fails.