Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix common name of SSL cert #2208

Merged
merged 1 commit into from
Mar 21, 2017
Merged

Fix common name of SSL cert #2208

merged 1 commit into from
Mar 21, 2017

Conversation

matthewrmshin
Copy link
Contributor

Use suite host name instead of suite name.

@matthewrmshin matthewrmshin added this to the next release milestone Mar 15, 2017
@matthewrmshin matthewrmshin self-assigned this Mar 15, 2017
hjoliver
hjoliver reviewed Mar 15, 2017
View reviewed changes
lib/cylc/suite_srv_files_mgr.py Outdated
@@ -464,11 +464,11 @@ def _get_ssl_cert(self, path, reg, pkey_obj):
# OpenSSL not installed, so we can't use HTTPS anyway.
return
# Use suite name as the 'common name', but no more than 64 chars.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(comment now wrong?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Now fixed.

@matthewrmshin
Fix common name of SSL cert
e59acb4 
Use suite host name instead of suite name.
@hjoliver
Copy link
Member

ssl.com FAQ "What is the common name": http://info.ssl.com/article.aspx?id=10048

@hjoliver
Copy link
Member

hjoliver commented Mar 16, 2017
edited
Loading

The code looks fine. I suppose we don't need to worry about the problem (see FAQ URL above) with variant versions of the same host, because get_suite_host() always supplies the same host name that will also be used by tasks comms? Presumably the common name can be a raw IP address if necessary?

@matthewrmshin
Copy link
Contributor Author

Yes. Clients will always use the host value in ~/cylc-run/SUITE/.service/contact to communicate with the suite server, and the host value in the file is set using get_suite_host. The raw IP address method is covered by get_suite_host as well, so we should not have to worry.

@oliver-sanders oliver-sanders merged commit 5b00f90 into cylc:master Mar 21, 2017
@matthewrmshin matthewrmshin deleted the fix-ssl-cert-cn branch March 21, 2017 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hjoliver hjoliver hjoliver approved these changes

@oliver-sanders oliver-sanders oliver-sanders approved these changes

Assignees

@matthewrmshin matthewrmshin

Labels
None yet
Projects
None yet
Milestone
cylc-7.2.1
Development

Successfully merging this pull request may close these issues.
3 participants
@matthewrmshin @hjoliver @oliver-sanders