[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2791: Tahoe CLI / SSL certificate
Tahoe-LAFS
trac at tahoe-lafs.org
Thu Jun 9 07:01:42 UTC 2016
#2791: Tahoe CLI / SSL certificate
---------------------+---------------------------
Reporter: cedric | Owner:
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: unknown | Version: 1.11.0
Keywords: | Launchpad Bug:
---------------------+---------------------------
Hi,
I'm running a small grid with a few nodes.
I use the Web API through HTTPS with self-signed certificates/internal CA.
I'm having some trouble when I call the tahoe CLI (e.g. tahoe create-alias....).
"tahoe create-alias test" returns an error:
Traceback (most recent call last):
  File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/runner.py", line 162, in run
    rc = runner(sys.argv[1:], install_node_control=install_node_control)
  File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/runner.py", line 147, in runner
    rc = cli.dispatch[command](so)
  File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/cli.py", line 486, in create_alias
    rc = tahoe_add_alias.create_alias(options)
  File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/tahoe_add_alias.py", line 85, in create_alias
    resp = do_http("POST", url)
  File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/common_http.py", line 70, in do_http
    c.endheaders()
  File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 796, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 273, in match_hostname
    % (hostname, dnsnames[0]))
CertificateError: hostname '127.0.0.1' doesn't match u'Myhostname'
The SSL certificate has CN=Myhostname and an alternative name IP.1=127.0.0.1.
The CA certificate is available in /etc/ssl/certs/ and c_rehash has been done.
openssl s_client -connect 127.0.0.1:3456 -CApath /etc/ssl/certs/ returns
"Ok".
It seems that ssl.py only tries to verify CN == hostname; there is no
verification of the alternative name.
The only way I've found to get the tahoe CLI working is to change node.url by
replacing https://127.0.0.1:3456 with https://Myhostname:3456
Did I miss something?
Thanks for your help and thanks for the great job on Tahoe-LAFS!
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2791>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
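
Added example (not part of the ticket, and not Tahoe-LAFS or Python ssl.py code): a Python 3 host check over the dict shape returned by ssl.SSLSocket.getpeercert() that handles IP-literal hosts and names separately, run on a constructed certificate modelled on the one described above. The helper name explain_match and the sample values are assumptions.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert(),
# modelled on the ticket's certificate: CN=Myhostname plus one IP SAN.
SAMPLE_CERT = {
    "subject": ((("commonName", "Myhostname"),),),
    "subjectAltName": (("IP Address", "127.0.0.1"),),
}


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def explain_match(cert, host):
    """Hypothetical helper: return (matched, reason) for host against cert.

    IP literals are compared only with 'IP Address' SAN entries; names are
    compared with 'DNS' SAN entries, using the CN only when the certificate
    has no DNS SAN at all. Wildcards are deliberately not handled.
    """
    san = cert.get("subjectAltName", ())
    dns_names = [v.lower() for k, v in san if k == "DNS"]
    ip_sans = [_as_ip(v) for k, v in san if k == "IP Address"]
    host_ip = _as_ip(host)
    if host_ip is not None:
        # An IP literal never matches a DNS name or the CN.
        if host_ip in ip_sans:
            return True, "IP SAN"
        return False, "no IP SAN for %s" % host
    if dns_names:
        ok = host.lower() in dns_names
        return ok, "DNS SAN" if ok else "not in DNS SANs"
    # Legacy fallback: no DNS SAN present, so compare against the CN.
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    ok = host.lower() in cns
    return ok, "CN fallback" if ok else "no DNS SAN and CN differs"
```

The reason string shows which certificate field decided the result, which helps when comparing a client's verdict with what openssl s_client reports for the same endpoint.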