Hide Forgot
+++ This bug was initially created as a clone of Bug #1330262 +++ +++ This bug was initially created as a clone of Bug #1329327 +++ Description of problem: We are moving qpid to only listen on localhost in Satellite because of BZ1252573. So we add 'localhost' as an alternate DNS name on our certificate. Candlepin fails with this error: Caused by: org.apache.qpid.AMQException: Cannot connect to broker: SSL hostname verification failed. Expected : localhost Found in cert : centos7-bats.example.com It's due to qpid's java library in 0.30 only verifying the CN: https://github.com/apache/qpid/blob/0.30/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java#L58-L62 It's fixed in later versions it seems: https://github.com/apache/qpid-java/blob/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java#L141-L150 Version-Release number of selected component (if applicable): candlepin-0.9.54.4-1.el7.noarch How reproducible: Always Steps to Reproduce: 1. Create a certificate with alternate hostname and use it for qpid 2. Have candlepin configured to use alternate hostname Actual results: SSL verification fails Expected results: SSL verification succeeds
Marking as closed per Candlepin procedures as a fix has been merged or it has been determined to not be an issue.
The correct version of the client was not included in the builds because unsynced Buildfile and pom.xml Commit 30d208f270d7bb961c4e11ea512d71e8522e629a fixes that.