v3 verifyCertificates NONSTRICT/DISABLED not working as expected in containers #3870

Open
MarkAckert opened this issue Oct 24, 2024 · 0 comments
Labels
bug Verified defect in functionality Priority: Medium size/M

MarkAckert commented Oct 24, 2024

Describe the bug
While testing Zowe v3 in a containerized environment where:

  • certificates do not contain correct SAN domains
  • verifyCertificates is set to either NONSTRICT or DISABLED

there are errors in APIML pods related to certificate hostname verification. This is taken from an api catalog pod:

2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown
2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name matching ***redacted***.pod.cluster.local found.

Steps to Reproduce

  1. Deploy a containerized environment with verifyCertificates: DISABLED
  2. View pod logs

Expected behavior
The pods should ignore the missing SAN when verifyCertificates is DISABLED or NONSTRICT

Details

  • Version and build number: Zowe v3.0.0
  • Test environment: IBM Openshift environment

Similar to #1805. Expect that if the correct SANs are added to the certificates, the services will start up.

https://github.com/zowe/api-layer/wiki/Issue-management

@MarkAckert MarkAckert added bug Verified defect in functionality new New issue that has not been worked on yet labels Oct 24, 2024
@EvaJavornicka EvaJavornicka added Priority: Medium size/M and removed new New issue that has not been worked on yet labels Nov 27, 2024
@EvaJavornicka EvaJavornicka moved this from New to Unplanned Bugs in API Mediation Layer Backlog Management Nov 27, 2024
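
An added example, not part of the issue or of Zowe's code: it extracts the hostnames from SAN errors in the format shown in the pod log above and reports which of them no DNS SAN on the certificate covers, which is the gap the reporter expects to close by adding the correct SANs. The log lines, hostnames and SAN list are constructed placeholders, and the wildcard rule (a `*` honoured only as the whole left-most label, RFC 6125 style) is an assumption that may be stricter than the JVM's own matcher.

```python
import re

# JSSE message format as quoted in the issue's log excerpt.
SAN_ERROR = re.compile(r"No subject alternative DNS name matching (\S+) found")

# Constructed sample data: hostnames and SANs are placeholders, not values from the issue.
SAMPLE_LOGS = [
    "2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR "
    "((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown",
    "2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR ((javax.net.ssl)) Fatal "
    "(CERTIFICATE_UNKNOWN): No subject alternative DNS name matching "
    "catalog-0.apiml.pod.cluster.local found.",
    "2024-10-15 15:05:04.101 <ZWEAGW1:reactor-http-epoll-3:4302> zowe ERROR ((javax.net.ssl)) Fatal "
    "(CERTIFICATE_UNKNOWN): No subject alternative DNS name matching "
    "gateway-0.zowe.svc.cluster.local found.",
]
SAMPLE_SANS = ["localhost", "*.zowe.svc.cluster.local"]


def hostnames_from_logs(lines):
    """Return the set of hostnames that JSSE reported as absent from the SAN list."""
    found = set()
    for line in lines:
        match = SAN_ERROR.search(line)
        if match:
            found.add(match.group(1).lower().rstrip("."))
    return found


def san_matches(hostname, san):
    """Compare label by label; '*' counts only as the entire left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label
    if pattern[0] == "*":
        # Conservative choice: ignore wildcards directly under a single label ("*.local").
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def missing_sans(log_lines, cert_sans):
    """Hostnames from SAN errors that no DNS SAN on the certificate covers."""
    return sorted(h for h in hostnames_from_logs(log_lines)
                  if not any(san_matches(h, s) for s in cert_sans))


if __name__ == "__main__":
    for host in missing_sans(SAMPLE_LOGS, SAMPLE_SANS):
        print("certificate has no DNS SAN covering:", host)
```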