brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-280) br cli fails to login to brooklyn instances with self-signed SSL certs
Date Wed, 25 May 2016 05:13:13 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15299467#comment-15299467
] 

ASF GitHub Bot commented on BROOKLYN-280:
-----------------------------------------

Github user neykov commented on a diff in the pull request:

    https://github.com/apache/brooklyn-client/pull/21#discussion_r64515968
  
    --- Diff: app/app.go ---
    @@ -39,7 +39,7 @@ var appConfig = configDefaults{
     	Name:     os.Args[0],
     	HelpName: os.Args[0],
     	Usage:    "A Brooklyn command line client application",
    -	Version:  "0.9.0",
    +	Version:  "0.10.0-SNAPSHOT",
    --- End diff --
    
    Add an inline comment `BROOKLYN_VERSION`, or a comment on the line above `BROOKLYN_VERSION_BELOW`
to have this changed automatically.


> br cli fails to login to brooklyn instances with self-signed SSL certs
> ----------------------------------------------------------------------
>
>                 Key: BROOKLYN-280
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-280
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: John McCabe
>            Assignee: John McCabe
>
> Attempt to log into Brooklyn with a cert generated following the instructions on {{ops/brooklyn_properties}},
results in the following error:
> {code}
> # br login https://10.10.10.100:8443 admin mypassword
> Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate certificate for
10.10.10.100 because it doesn't contain any IP SANs
> {code}
> Adding the IP SAN (add {{-ext san=IP:10.10.10.100}} to the {{keytool}} invocation on
JDK 1.7+) then results in:
> {code}
> # br login https://10.10.10.100:8443 admin mypassword
> Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown
authority
> {code}
> I suspect we may need to be tolerate of self-signed certs without a trustchain, but do
so via a flag that the user must set explicitly, for example:
> {code}
> br login --trustall https://10.10.10.100 admin mypassword
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message