Merge pull request metal3-io#292 from dtantsur/ironic-proxy

ironic-proxy: never validate TLS peer name
elfosardo · Aug 18, 2022 · 6107e24 · 6107e24
2 parents a651557 + 2fc4e23
commit 6107e24
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/ironic-config/apache2-proxy.conf.j2 b/ironic-config/apache2-proxy.conf.j2
@@ -12,12 +12,13 @@
 
     {% if env.IRONIC_INSECURE == "true" %}
     SSLProxyVerify none
-    SSLProxyCheckPeerCN off
-    SSLProxyCheckPeerName off
     SSLProxyCheckPeerExpire off
     {% else %}
     SSLProxyCACertificateFile {{ env.IRONIC_CERT_FILE }}
+    SSLProxyVerify require
+    SSLProxyCheckPeerExpire on
     {% endif %}
+    SSLProxyCheckPeerName off
 
     {% endif %}