Bug 655061 - Pulp admin tool might not be verifying the server certificate
Summary: Pulp admin tool might not be verifying the server certificate
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Pulp
Classification: Retired
Component: z_other
Version: unspecified
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
: ---
Assignee: Jay Dobies
QA Contact: Preethi Thomas
URL:
Whiteboard:
Depends On:
Blocks: 673053
TreeView+ depends on / blocked
 
Reported: 2010-11-19 14:25 UTC by Jay Dobies
Modified: 2011-07-15 19:31 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-15 06:16:55 UTC


Attachments (Terms of Use)

Description Jay Dobies 2010-11-19 14:25:31 UTC
On the latest QE build, I ran:

[root@fedora-13-64 ~]# pulp-client consumer bind --repoid=test
ERROR: The server hostname you have configured in /etc/pulp/client.conf does not match the
hostname returned from the Pulp server you are connecting to.  

You have: [localhost.localdomain] configured but got: [fedora-13-64] from the server.

Please correct the host in the /etc/pulp/client.conf file


That makes sense, since I forgot to change the server in client.conf. But I didn't see any of these messages when using the admin tool to create and sync a repo. I'm worried that means we've lost the verification the server certificate in the admin tool.

Comment 1 Jay Dobies 2010-11-19 14:30:23 UTC
Interesting, I was able to see the expected comment *after* logging in with "auth login":

[root@fedora-14-64 ~]# pulp-admin -uadmin -padmin auth login
User credentials successfully stored at [/root/.pulp]

[root@fedora-14-64 ~]# pulp-admin repo create --id=test --feed=yum:http://repos.fedorapeople.org/repos/pulp/pulp/fedora-14/x86_64
ERROR: The server hostname you have configured in /etc/pulp/client.conf does not match the
hostname returned from the Pulp server you are connecting to.  

You have: [localhost.localdomain] configured but got: [fedora-14-64] from the server.

Please correct the host in the /etc/pulp/client.conf file


I'm still thinking this is a bug. The verification of the server-side certificate should take place regardless of whether or not I'm using a client-side certificate since we're still using an SSL connection in all cases.


Note You need to log in before you can comment on or make changes to this bug.