Bug 790211

Summary: No server cert validation in consumer register
Product: [Retired] Pulp Reporter: Jason Connor <jconnor>
Component: user-experienceAssignee: Randy Barlow <rbarlow>
Status: CLOSED UPSTREAM QA Contact: Preethi Thomas <pthomas>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.0.6CC: mmccune, rbarlow, tsanders
Target Milestone: ---Keywords: Triaged
Target Release: 2.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-28 21:10:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jason Connor 2012-02-13 22:45:30 UTC 
Description of problem:
If the server's configured name and returned name do match, we error out on every command except consumer register

How reproducible:
Always

Steps to Reproduce:
1. Register consumer against misconfigured server 
2. Try to run any other command
  
Actual results:
Successful registration, unsuccessful subsequent commands

Expected results:
Unsuccessful registration
Comment 2 Randy Barlow 2014-09-22 14:20:33 UTC 
I verified that this issue has been resolved, but I do not know when it was resolved. To test this, I configured Apache to use a certificate from another host and tried to register against it:

(pulp)[rbarlow@notepad]/etc/pki/tls/certs% sudo pulp-consumer -u admin register --consumer-id notepad
Enter password: 
The server hostname configured on the client did not match the name found in the
server's SSL certificate. The client attempted to connect to
[notepad.usersys.redhat.com] but the server returned [grapefruit.rdu.redhat.com]
as its hostname. The expected hostname can be changed in the client
configuration file.

Alternatively, you could also configure /etc/hosts to resolve some arbitrary name to ::1 and then configure /etc/pulp/consumer/consumer.conf to use that name as the server to connect to. This should result in a similar error.
Comment 3 Preethi Thomas 2014-10-17 01:41:28 UTC 
verified


[root@qe-blade-14 ~]# rpm -qa pulp-consumer-client
pulp-consumer-client-2.5.0-0.8.beta.el6.noarch
[root@qe-blade-14 ~]#
Comment 4 Brian Bouterse 2015-02-28 21:10:39 UTC 
Moved to https://pulp.plan.io/issues/332