Bug 746251
Summary: | aviary doesn't authenticate client with certificate signed by CA | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Martin Kudlej <mkudlej> |
Component: | condor-aviary | Assignee: | Pete MacKinnon <pmackinn> |
Status: | CLOSED ERRATA | QA Contact: | MRG Quality Engineering <mrgqe-bugs> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | Development | CC: | iboverma, jneedle, matt, pmackinn, tstclair |
Target Milestone: | 2.1 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | condor-7.6.5-0.1 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Invoking an SSL connection using Aviary with just a CA file.
Consequence: SSL handshake fails since the local issuer of the client can't be resolved.
Fix: Corrected a code path to ensure that both a CA file and a CA dir are tried in the OpenSSL code within Aviary servers.
Result: Client can authenticate and establish secure connection over SSL when CA is set as a file.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-01-27 19:12:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 694612 |
Description
Martin Kudlej
2011-10-14 14:37:55 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: Invoking an SSL connection using Aviary with just a CA file. Consequence: SSL handshake fails since the local issuer of the client can't be resolved. Fix: Corrected a code path to ensure that both a CA file and a CA dir are tried in the OpenSSL code within Aviary servers. Result: Client can authenticate and establish secure connection over SSL when CA is set as a file. Tested on RHEL 5.7/6.1 x x86_64/i386 with condor-aviary-7.6.5-0.2 and it works. -->VERIFIED Configuration of certificates is above. I've used stunnel to create authenticated ssl connection to aviary and I've tested this with official examples from condor-aviary package. |