Hide Forgot
+++ This bug was initially created as a clone of Bug #1329327 +++ Description of problem: We are moving qpid to only listen on localhost in Satellite because of BZ1252573. So we add 'localhost' as an alternate DNS name on our certificate. Candlepin fails with this error: Caused by: org.apache.qpid.AMQException: Cannot connect to broker: SSL hostname verification failed. Expected : localhost Found in cert : centos7-bats.example.com It's due to qpid's java library in 0.30 only verifying the CN: https://github.com/apache/qpid/blob/0.30/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java#L58-L62 It's fixed in later versions it seems: https://github.com/apache/qpid-java/blob/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java#L141-L150 Version-Release number of selected component (if applicable): candlepin-0.9.54.4-1.el7.noarch How reproducible: Always Steps to Reproduce: 1. Create a certificate with alternate hostname and use it for qpid 2. Have candlepin configured to use alternate hostname Actual results: SSL verification fails Expected results: SSL verification succeeds
Marking as closed per Candlepin procedures as a fix has been merged or it has been determined to not be an issue.
Re-opened, see https://bugzilla.redhat.com/show_bug.cgi?id=1329327#c8