Ok, I updated that to cover the situations you mentioned. Stripping the port doesn't seem like it would work, because if you had ipv6 addr with no port, we would end up stripping the last section from the address. Instead, I added regex checks for ipv6 with a custom port, and dns hostname with a custom port, stripping the port from the netloc if matched. If it doesnt find a match for the port pattern, then it just passes original netloc value.
I tested it on a client connecting to an instance that uses normal ports, ie. no :[0-9] in the hostname, as well as the instance where I discovered this, using 8080. Both cent5 and cent6 clients were able to connect. Let me know if you see anything else that may need tweaking. https://raw.github.com/gist/3909534/5b66bd19a8f1778fb368f3422fc954e016c3b0f2/osad.py.patch On Thu, Oct 18, 2012 at 12:22 AM, Jan Pazdziora <jpazdzi...@redhat.com>wrote: > On Wed, Oct 17, 2012 at 07:45:04PM -0700, David Johansen wrote: > > Hi, > > > > I recently setup an instance using custom ports, 8080,8443, for the > webui. > > I ran into an issue with OSAD when trying to connect clients. After > looking > > at the code, I noticed that osad was failing because my <netloc> portion > of > > the url was spacewalk.example.com:8080, which did not match my CN, > > spacewalk.example.com. I added an if statement to cover that, > > in /usr/share/rhn/osad/osad.py, that checks for a ":" in netloc, and if > it > > exists, then it sets netloc to the domain name without the :port. I've > > never seen a legitimate cert with port numbers included in the common > name, > > so figure this would be a worthy patch to send your way. > > > > > https://raw.github.com/gist/3909534/92a8eea0b8cac895a9613d77601678cddc4a89ca/osad.py.patch > > This patch will fail for example for IPv6 addresses. The correct > approach would be to use ParseResult's hostname. Except it is not > supported on python 2.4. We might need to check for the type and > either call hostname or strip the port _from the end_ of the netloc, > something like :[0-9]+$. > > -- > Jan Pazdziora > Principal Software Engineer, Satellite Engineering, Red Hat > > _______________________________________________ > Spacewalk-devel mailing list > Spacewalk-devel@redhat.com > https://www.redhat.com/mailman/listinfo/spacewalk-devel > -- Regards, David Johansen
_______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
