Marking Newton task as Invalid as urllib3 does not form part of that UCA
pocket (uses version from Xenial).
** Changed in: cloud-archive/mitaka
Status: Triaged => In Progress
** Changed in: cloud-archive/mitaka
Assignee: (unassigned) => James Page (james-page)
** Description changed:
[Impact]
Users of urllib3 are unable to securely access websites who's certificates
use IP based subject alternative names; this includes openstack client tooling
which uses urllib3 via requests.
[Test Case]
Deploy and configure a server with TLS and an IP based SAN cert with a
locally trusted CA.
import urllib3
-
+
http = urllib3.PoolManager()
r = http.request('GET', 'https://192.168.1.2')
will fail
-
[Regression Potential]
Cherry picked fix comes from a later urllib3 release which has tested fine
for IP SAN usage in later OpenStack release deployments.
[Original Bug Report]
urllib3 fails to validate certificates with IP address based SAN's.
Fixed upstream:
https://github.com/urllib3/urllib3/commit/c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b
** Changed in: cloud-archive/newton
Status: Triaged => Invalid
** No longer affects: cloud-archive/newton
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1771988
Title:
certificate validation with IP address based SAN's fails
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1771988/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
