Bug 1412830
Summary: | [3.2] Extended Route Validation Breaks Included Templates | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Ram Ranganathan <ramr> | |
Component: | Networking | Assignee: | Ram Ranganathan <ramr> | |
Networking sub component: | router | QA Contact: | zhaozhanqi <zzhao> | |
Status: | CLOSED ERRATA | Docs Contact: | ||
Severity: | high | |||
Priority: | high | CC: | aos-bugs, bleanhar, bmeng, erich, stwalter | |
Version: | 3.2.1 | |||
Target Milestone: | --- | |||
Target Release: | 3.2.1 | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: |
Cause: The extended certificate validation code (now enabled by default) would not allow some certificates that should be considered valid.
Consequence: Self-signed, expired, or not yet current certificates that were otherwise well-formed would be rejected.
Fix: The extended validation was changed to allow those cases.
Result: Those types of certificates are now allowed.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1465059 (view as bug list) | Environment: | ||
Last Closed: | 2017-01-26 20:43:41 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1465059 |
Description
Ram Ranganathan
2017-01-12 22:32:38 UTC
QE did the testing with ose-haproxy-router:v3.2.1.22 this bug should be fixed and also did some regression testing for haproxy, no issue found. sorry, typo the version should be 'openshift3/ose-haproxy-router:v3.2.1.23' If you look at https://access.redhat.com/containers/#/tags/57ea8d0a9c624c035f96f452 this image has not been pushed to the container registry via an errata. Tested on OCP 3.2.1.23 with router image b887c3dfe886 The edge route with expired cert can be created successfully. # oc get route NAME HOST/PORT PATH SERVICE TERMINATION LABELS jenkins jenkins-bmengp1.0124-1xt.qe.rhcloud.com jenkins edge/Redirect template=jenkins-ephemeral-template # openssl x509 -in cert.crt -text Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=SC, L=Default City, O=Default Company Ltd, OU=Test CA, CN=www.exampleca.com/emailAddress=example Validity Not Before: Jan 12 14:19:41 2015 GMT Not After : Jan 12 14:19:41 2016 GMT Subject: CN=www.example.com, ST=SC, C=US/emailAddress=example, O=Example, OU=Example Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0199 |