John McCabe created BROOKLYN-280:
------------------------------------
Summary: br cli fails to login to brooklyn instances whose SSL
certs don't have any IP SANs
Key: BROOKLYN-280
URL: https://issues.apache.org/jira/browse/BROOKLYN-280
Project: Brooklyn
Issue Type: Bug
Reporter: John McCabe
Attempt to log into Brooklyn with a cert generated following the instructions
on {{ops/brooklyn_properties}}, results in the following error:
{code}
# br login https://10.10.10.100:8443 admin mypassword
Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate
certificate for 10.10.10.100 because it doesn't contain any IP SANs
{code}
We either need to update the {{br}} util to be more tolerant of such certs, or
update the instructions in {{ops/brooklyn_properties}} to describe how to
create certs containing the correct IP SAN for the secured server.
I'm torn on which option is best, I'd be inclined to do both, document the
creation of a cert with a populated IP SAN *and* add a flag to {{br}} to
tolerate servers without such a cert rather than accepting them silently (if
thats possible with the golang crypto libs).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
