Python client adds unexpected riak@ to certificate CN check [JIRA: CLIENTS-753]
#433
Labels
Milestone
Comments
Basho-JIRA
changed the title
riak@ to certificate CN checkriak@ to certificate CN check [JIRA: CLIENTS-753]
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In https://github.com/basho/riak-python-client/blame/master/riak/transports/pbc/connection.py#L133 the prefix
riak@is added to the SSL certificate host check. Therefore the CN or SAN records of the server certificate need to beriak@<hostname>or riak@<ip_addr>`, whereas it's common practice to issue server certificate for the host-name or ip address of the server. The client behaviour is therefore unexpected. Furthermore, this behaviour is unique to the python and ruby clients and generally completely undocumented in Riak's server documentation.The test certificate has a CN record of
[email protected], which should be changed accordingly.The text was updated successfully, but these errors were encountered: