Tomcat's server cert should have subjectAltName #2023

Closed
pki-bot opened this issue Oct 3, 2020 · 5 comments

pki-bot commented Oct 3, 2020

This issue was migrated from Pagure Issue #1464. Originally filed by cheimes (@tiran) on 2015-07-03 14:40:29:

  • Closed at 2019-12-17 21:30:31 as fixed
  • Assigned to nobody

The SSL server doesn't conform to RFC 2818. Even with a fresh installation, the server cert for the Tomcat instance on port 8443 has no subjectAltName extension. It should have a SAN extension with dNSName equal to its subject's CN.

Chrome has an outstanding bug to remove hostname matching in CN: [Remove support for common names in certificates; only support Subject Alt Names](https://code.google.com/p/chromium/issues/detail?id=308330)

I found the problem while I was working on 1253. With certificate validation, requests still emits a warning:

/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no subjectAltName, falling back to check for a commonName for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)

@pki-bot pki-bot added this to the UNTRIAGED milestone Oct 3, 2020
@pki-bot pki-bot closed this as completed Oct 3, 2020
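
The check requested in the issue above, as an added example that is not part of the original issue or the project's code: it audits the dict form of a certificate as returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether a host name is covered by a SAN dNSName or only by the subject CN. The function names, the sample certificates and the `example.test` host names are constructed for illustration, and the wildcard rule (left-most label only, at least three labels) is a conservative assumption.

```python
# Added example: SAN-vs-CN audit over getpeercert()-style dicts (stdlib only).

def dns_sans(cert):
    """Return the dNSName entries of the subjectAltName extension."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def common_names(cert):
    """Return every commonName found in the subject RDN sequence."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def label_match(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def audit(cert, host):
    """Classify a certificate for `host`.

    ok           a SAN dNSName matches
    san-mismatch dNSName entries exist but none matches (CN is ignored)
    cn-only      no dNSName; only the CN matches (deprecated fallback)
    no-match     neither SAN nor CN matches
    """
    sans = dns_sans(cert)
    if sans:
        return "ok" if any(label_match(s, host) for s in sans) else "san-mismatch"
    if any(label_match(cn, host) for cn in common_names(cert)):
        return "cn-only"
    return "no-match"

# Constructed sample certificates in getpeercert() layout.
CN_ONLY = {"subject": ((("organizationName", "EXAMPLE"),),
                       (("commonName", "pki.example.test"),))}
WITH_SAN = dict(CN_ONLY, subjectAltName=(("DNS", "pki.example.test"),))
WRONG_SAN = dict(CN_ONLY, subjectAltName=(("DNS", "ca.example.test"),))

if __name__ == "__main__":
    for name, cert in (("CN_ONLY", CN_ONLY), ("WITH_SAN", WITH_SAN),
                       ("WRONG_SAN", WRONG_SAN)):
        print(name, audit(cert, "pki.example.test"))
```

A `cn-only` result corresponds to the situation that triggers the urllib3 `SecurityWarning` quoted in the issue.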

pki-bot commented Oct 3, 2020

Comment from cheimes (@tiran) at 2015-07-07 13:42:23

The ticket is related to https://fedorahosted.org/freeipa/ticket/4970


pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2015-07-08 17:47:12

Per CS/DS meeting of 07/06/2015 after obtaining additional information from tiran: 10.3


pki-bot commented Oct 3, 2020

Comment from cheimes (@tiran) at 2017-02-27 13:59:26

Metadata Update from @tiran:

  • Issue set to the milestone: UNTRIAGED


pki-bot commented Oct 3, 2020

Comment from ftweedal (@frasertweedale) at 2019-12-17 21:30:32

I'm sure we have solved this now. But please reopen if I am mistaken.


pki-bot commented Oct 3, 2020

Comment from ftweedal (@frasertweedale) at 2019-12-17 21:30:33

Metadata Update from @frasertweedale:

  • Custom field feature adjusted to None
  • Custom field proposedmilestone adjusted to None
  • Custom field proposedpriority adjusted to None
  • Custom field reviewer adjusted to None
  • Custom field version adjusted to None
  • Issue close_status updated to: fixed
  • Issue status updated to: Closed (was: Open)
