charm-haproxy

Merge lp:~simpoir/charm-haproxy/ip-selfsigned into lp:charm-haproxy

ip-selfsigned
Merge into trunk

Proposed by Simon Poirier on 2018-07-10

Status:

Merged

Approved by:

Nick Moffitt on 2018-07-11

Approved revision:

117

Merged at revision:

117

Proposed branch:

lp:~simpoir/charm-haproxy/ip-selfsigned

Merge into:

lp:charm-haproxy

Diff against target:

11 lines (+2/-2)

1 file modified

data/openssl.cnf (+2/-2)

To merge this branch:

bzr merge lp:~simpoir/charm-haproxy/ip-selfsigned

Undecided

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
haproxy-team		2018-07-10	Pending
Review via email: mp+349258@code.launchpad.net

Commit message

use IP in self-signed subjectAltName

Description of the change

When generating self-signed certificates, mark addresses in subjectAltName as IP instead of DNS.
Recent version of libcurl don't accept IP addresses in DNS and won't validate using subject line if subjectAltName is present.

Revision history for this message

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote on 2018-07-10:

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote on 2018-07-11:

Change successfully merged at revision 117

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Cory Johns

Simon Poirier

1	=== modified file 'data/openssl.cnf'
2	--- data/openssl.cnf 2015-10-16 09:39:42 +0000
3	+++ data/openssl.cnf 2018-07-10 13:45:25 +0000
4	@@ -16,5 +16,5 @@
5	subjectAltName = @alt_names
6
7	[alt_names]
8	-DNS.1 = $ENV::OPENSSL_PUBLIC
9	-DNS.2 = $ENV::OPENSSL_PRIVATE
10	+IP.1 = $ENV::OPENSSL_PUBLIC
11	+IP.2 = $ENV::OPENSSL_PRIVATE