Create a CV with at least one module and promote it on a system that does not have reverse DNS record (e.g. some beaker machines): E, [2015-05-14T13:56:31.419762 #23462] ERROR -- : Unable to resolve hostname for connecting client - 10.16.65.186. If it's to be a trusted host, ensure it has a reverse DNS entry. There is currently no workaround for this, you cannot continue until you fix this. We should either: A) Give the user some way to workaround this (extra switch) or B) Error out before installation if reverse DNS is not set (I was under imporession we already do this, apparently this is not working for Beta).
Upstream in the authorize_with_trusted_hosts method we already introduce a "forward_verify" flag. We need to backport this and to introduce another one "reverse_verify". Both flags are a decent workaround for all cases.
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Moving 6.2 bugs out to sat-backlog.
I tested this and this works fine, reverse DNS is only a fallback. The proxy looks at the CN of the certificate now in trusted hosts first, so even if customer reverse DNS is broken, promotion still works.