[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2791: Tahoe CLI / SSL certificate

Tahoe-LAFS trac at tahoe-lafs.org
Thu Jun 9 07:01:42 UTC 2016


#2791: Tahoe CLI / SSL certificate
---------------------+---------------------------
 Reporter:  cedric   |          Owner:
     Type:  defect   |         Status:  new
 Priority:  normal   |      Milestone:  undecided
Component:  unknown  |        Version:  1.11.0
 Keywords:           |  Launchpad Bug:
---------------------+---------------------------
 Hi,

 I'm running a small grid with few nodes.
 I use the Web API through HTTPS with self-signed certificates/internal CA.
 I'm having some trouble when I call the tahoe CLI (e.g. tahoe
 create-alias ...).

 "tahoe create-alias test" returns an error:
 Traceback (most recent call last):
   File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/runner.py", line 162, in run
     rc = runner(sys.argv[1:], install_node_control=install_node_control)
   File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/runner.py", line 147, in runner
     rc = cli.dispatch[command](so)
   File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/cli.py", line 486, in create_alias
     rc = tahoe_add_alias.create_alias(options)
   File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/tahoe_add_alias.py", line 85, in create_alias
     resp = do_http("POST", url)
   File "/venv/local/lib/python2.7/site-packages/allmydata/scripts/common_http.py", line 70, in do_http
     c.endheaders()
   File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
     self._send_output(message_body)
   File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
     self.send(msg)
   File "/usr/lib/python2.7/httplib.py", line 812, in send
     self.connect()
   File "/usr/lib/python2.7/httplib.py", line 1212, in connect
     server_hostname=server_hostname)
   File "/usr/lib/python2.7/ssl.py", line 350, in wrap_socket
     _context=self)
   File "/usr/lib/python2.7/ssl.py", line 566, in __init__
     self.do_handshake()
   File "/usr/lib/python2.7/ssl.py", line 796, in do_handshake
     match_hostname(self.getpeercert(), self.server_hostname)
   File "/usr/lib/python2.7/ssl.py", line 273, in match_hostname
     % (hostname, dnsnames[0]))
 CertificateError: hostname '127.0.0.1' doesn't match u'Myhostname'

 The SSL certificate has CN=Myhostname and an alternative name
 IP.1=127.0.0.1.
 The CA certificate is available in /etc/ssl/certs/ and c_rehash has been
 run.

 openssl s_client -connect 127.0.0.1:3456 -CApath /etc/ssl/certs/ returns
 "Ok".

 It seems that ssl.py only tries to verify CN == hostname; there is no
 verification of the alternative name.

 The only way I've found to get the tahoe CLI working is to change node.url,
 replacing https://127.0.0.1:3456 with https://Myhostname:3456.

 Did I miss something?

 Thanks for your help and thanks for the great job on Tahoe-LAFS!

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2791>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
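
The mismatch reported in the ticket can be examined offline by comparing two hostname-matching policies over the same certificate. The following is an added example, not Tahoe-LAFS or Python standard-library code: `SAMPLE_CERT` is constructed from the ticket's description in the dict layout of `ssl.SSLSocket.getpeercert()`, the helper names are hypothetical, and the DNS-only policy is an assumption inferred from the traceback, where the CN is the only candidate name reported.

```python
import ipaddress

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert(),
# modelled on the certificate the ticket describes (CN plus one IP SAN).
SAMPLE_CERT = {
    "subject": ((("commonName", "Myhostname"),),),
    "subjectAltName": (("IP Address", "127.0.0.1"),),
}


def _dns_candidates(cert):
    """DNS SAN entries, or the subject CN when the cert has no DNS SAN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names


def _as_ip(value):
    """Parse an IP literal, returning None for anything else."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def matches(cert, host, honour_ip_san):
    """Return True if `host` is an identity the certificate covers.

    honour_ip_san=False models a matcher that reads only DNS SANs and the CN
    (assumed here; it reproduces the error in the ticket). honour_ip_san=True
    also compares IP literals against 'IP Address' SAN entries.
    Wildcard names are deliberately not handled.
    """
    host_ip = _as_ip(host)
    if honour_ip_san and host_ip is not None:
        san_ips = (_as_ip(v) for k, v in cert.get("subjectAltName", ())
                   if k == "IP Address")
        return host_ip in [ip for ip in san_ips if ip is not None]
    return host.lower() in (n.lower() for n in _dns_candidates(cert))


def report(cert, hosts):
    """Map each host to (dns_only_result, ip_aware_result)."""
    return {h: (matches(cert, h, False), matches(cert, h, True)) for h in hosts}


if __name__ == "__main__":
    for host, result in report(SAMPLE_CERT, ["127.0.0.1", "Myhostname"]).items():
        print(host, result)
```

Running the same comparison against the output of `getpeercert()` from a live node shows which `node.url` forms a given certificate will accept under each policy, without weakening verification.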

