v3 verifyCertificates NONSTRICT/DISABLED not working as expected in containers #3870

Open
MarkAckert opened this issue Oct 24, 2024 · 0 comments
Labels
bug Verified defect in functionality Priority: Medium size/M

MarkAckert commented Oct 24, 2024

Describe the bug
While testing Zowe v3 in a containerized environment where:

  • certificates do not contain correct SAN domains
  • verifyCertificates is set to either NONSTRICT or DISABLED

there are errors in APIML pods related to certificate hostname verification. This is taken from an api catalog pod:

2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown
2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name matching ***redacted***.pod.cluster.local found.

Steps to Reproduce

  1. Deploy a containerized environment with verifyCertificates: DISABLED
  2. View pod logs

Expected behavior
The pods should ignore the missing SAN when verifyCertificates is DISABLED or NONSTRICT

Details

  • Version and build number: Zowe v3.0.0
  • Test environment: IBM OpenShift environment

Similar to #1805. Expect that if the correct SANs are added to the certificates, the services will start up.

https://github.com/zowe/api-layer/wiki/Issue-management

@MarkAckert MarkAckert added bug Verified defect in functionality new New issue that has not been worked on yet labels Oct 24, 2024
@EvaJavornicka EvaJavornicka added Priority: Medium size/M and removed new New issue that has not been worked on yet labels Nov 27, 2024
@EvaJavornicka EvaJavornicka moved this from New to Unplanned Bugs in API Mediation Layer Backlog Management Nov 27, 2024
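Added example, not part of the original issue or of Zowe's code: a pre-deployment check that a certificate's DNS SANs cover the pod and service hostnames, together with the handshake outcome the issue expects for each verifyCertificates mode. The hostnames, the `zowe` namespace, the function names and the treatment of STRICT as the hostname-checking mode are assumptions made for illustration.

```python
"""Added example: do a certificate's DNS SANs cover the hostnames pods will be reached by?"""

# Expected behaviour per the issue: NONSTRICT and DISABLED ignore a missing SAN.
# STRICT as the mode that enforces hostname matching is an assumption (not named in the issue).
HOSTNAME_CHECKED = {"STRICT": True, "NONSTRICT": False, "DISABLED": False}

# Constructed sample data: SANs as listed in a certificate, and in-cluster hostnames.
SAMPLE_SANS = ["gateway.example.internal", "*.zowe.svc.cluster.local"]
SAMPLE_HOSTS = ["catalog.zowe.svc.cluster.local", "10-1-2-3.zowe.pod.cluster.local"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS SAN against a hostname; '*' is accepted only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs at least two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def uncovered_hosts(san_dns_names, hostnames):
    """Return the hostnames that no SAN entry matches (these trigger the 'No subject alternative DNS name' error)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in san_dns_names)]


def expected_handshake_ok(mode, san_dns_names, hostname):
    """Outcome the issue expects, assuming the certificate chain itself is acceptable."""
    if not HOSTNAME_CHECKED[mode.upper()]:
        return True  # hostname mismatch should be ignored in this mode
    return not uncovered_hosts(san_dns_names, [hostname])


if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_SANS, SAMPLE_HOSTS):
        print(f"missing SAN for {host}")
        for mode in HOSTNAME_CHECKED:
            print(f"  {mode}: expected ok = {expected_handshake_ok(mode, SAMPLE_SANS, host)}")
```

Any host this reports as uncovered needs a matching SAN for the workaround the issue describes, regardless of the verifyCertificates setting.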