| Summary: | Candlepin can't support connecting to AMQP servers with alternate hostnames in the certificate | |||
|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Stephen Benjamin <stbenjam> | |
| Component: | Candlepin | Assignee: | satellite6-bugs <satellite6-bugs> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jitendra Yejare <jyejare> | |
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 6.2.0 | CC: | bbuckingham, bcourt, bkearney, cdonnell, cwelton, jyejare, stbenjam | |
| Target Milestone: | Unspecified | Keywords: | Reopened, Triaged | |
| Target Release: | Unused | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | candlepin-0.9.54.21 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1330262 (view as bug list) | Environment: | ||
| Last Closed: | 2018-03-16 13:37:55 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | 1330262 | |||
| Bug Blocks: | 1252573 | |||
Description
Stephen Benjamin
2016-04-21 15:46:14 UTC
Fixed in version 0.9.54.6-1

Why are the depends-on bugs of this bug still in Modified state and this bug on QE? May I verify this bug unless those 2 bugs get verified?

There's nothing to verify here, it's a dev task to upgrade the version of the qpid library that ships with candlepin. The dependent bug needs that first.

Verified! This bug has nothing to test from QE perspective as it's not customer-facing. So moving to verified state. Feel free to reopen if required.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2016:1501

Hi,
This doesn't seem to be working for me, on this version of candlepin:
[root@qpid-localhost tomcat]# rpm -q candlepin
candlepin-0.9.54.6-1.el7.noarch
Tomcat still shows this error:
Caused by: java.lang.RuntimeException: javax.jms.JMSException: Error creating connection: SSL hostname verification failed. Expected : localhost Found in cert : qpid-localhost.example.com
The certificate shows alt names:
X509v3 Subject Alternative Name:
DNS:qpid-localhost.example.com, DNS:localhost
Full certificate:
[root@qpid-localhost tomcat]# openssl s_client -connect localhost:5671 | openssl x509 -noout -text
depth=1 C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = qpid-localhost.example.com
verify return:1
depth=0 C = US, ST = North Carolina, O = pulp, OU = SomeOrgUnit, CN = qpid-localhost.example.com
verify return:1
140409204340640:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1259:SSL alert number 42
140409204340640:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12201245780118169912 (0xa95388645d2d6938)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=qpid-localhost.example.com
Validity
Not Before: Oct 6 14:00:59 2016 GMT
Not After : Oct 8 14:00:59 2036 GMT
Subject: C=US, ST=North Carolina, O=pulp, OU=SomeOrgUnit, CN=qpid-localhost.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Server
Netscape Comment:
Katello SSL Tool Generated Certificate
X509v3 Subject Key Identifier:
18:71:4B:69:4B:E8:F1:BB:48:A6:E1:51:D7:72:34:52:AF:37:D0:9C
X509v3 Authority Key Identifier:
keyid:88:39:0F:2A:B8:B8:B0:6E:9B:66:1D:3C:A9:59:CA:0D:15:CB:9A:54
DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=qpid-localhost.example.com
serial:A9:53:88:64:5D:2D:69:2F
X509v3 Subject Alternative Name:
DNS:qpid-localhost.example.com, DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
Stephen, if you are still seeing this issue then please re-open.

Fixed in version 0.9.54.10-1

Seems like this should already be closed out. I have candlepin-0.9.54.21-1.el7.noarch on my 6.2.10 install. That sound good to you, Barnaby?

Craig, I would agree.

Per the comments above, I am closing this out as CURRENT RELEASE.
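The hostname mismatch reported in this bug (expected localhost, subject CN qpid-localhost.example.com, SAN listing both names), as an added example that is not Candlepin or qpid code: a CN-only comparison next to a check that treats dNSName SAN entries as authoritative. The function names are hypothetical, and the assumption that the failing client compared only the CN is inferred from the error text in the report.

```python
# Added example. The names below are copied from the certificate in the report;
# function names are hypothetical and this is not the qpid client's own logic.
CERT_CN = "qpid-localhost.example.com"
CERT_SAN_DNS = ["qpid-localhost.example.com", "localhost"]


def _name_match(pattern, host):
    """Compare one presented name with the expected host, case-insensitively.

    A wildcard is honoured only as the whole left-most label, needs at least
    two further labels ("*.example.com"), and never spans more than one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def verify_cn_only(expected, cn, san_dns):
    """Assumed pre-fix behaviour: the subject CN is the only name consulted."""
    return _name_match(cn, expected)


def verify_san_aware(expected, cn, san_dns):
    """RFC 6125 style: dNSName SAN entries decide when present; the CN is a
    fallback only for certificates that carry no dNSName entries."""
    if san_dns:
        return any(_name_match(name, expected) for name in san_dns)
    return _name_match(cn, expected)


def explain(expected, cn, san_dns):
    """One-line diagnostic that lists every name actually checked."""
    if verify_san_aware(expected, cn, san_dns):
        return "ok: %s matches a name in the certificate" % expected
    found = ", ".join(san_dns) if san_dns else cn
    return ("hostname verification failed. Expected: %s Found in cert: %s"
            % (expected, found))


if __name__ == "__main__":
    for host in ("localhost", "qpid-localhost.example.com", "other.example.com"):
        print(host,
              "cn-only=%s" % verify_cn_only(host, CERT_CN, CERT_SAN_DNS),
              "san-aware=%s" % verify_san_aware(host, CERT_CN, CERT_SAN_DNS))
```

Listing every SAN entry in the failure message, rather than only the CN, makes it clear from the log alone whether the client consulted the SAN extension.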