View Issue Details

IDProjectCategoryView StatusLast Update
0000257bareos-core[All Projects] file daemonpublic2015-03-25 19:19
ReportermvwieringenAssigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSUbuntuOS Version12.04
Product Version13.2.2 
Target Version13.2.3Fixed in Version13.2.3 
Summary0000257: When using passive mode and TLS using NAT the verify peer mode will fail.
DescriptionWhen you use passive mode e.g. when the SD connects to the FD for transfering
data the TLS handshake will fail when you also NAT the connection from the SD
to the FD. The FD can only validate the certificate using the CN matching the
FQDN of the ip address of the NAT box.
Additional InformationYou can work around this by putting the FQDN of the NAT box that the FD sees
into the alternative name of the certificate but it would be much nicer if
you could just define a set of allowed CNs in the client definition of the
FD just like what the SD has with TLS Allowed CN.
TagsNo tags attached.
bareos-master: impact
bareos-master: action
bareos-18.2: impact
bareos-18.2: action
bareos-17.2: impact
bareos-17.2: action
bareos-16.2: impact
bareos-16.2: action
bareos-15.2: impact
bareos-15.2: action
bareos-14.2: impact
bareos-14.2: action
bareos-13.2: impact
bareos-13.2: action
bareos-12.4: impact
bareos-12.4: action

Activities

mvwieringen

mvwieringen

2013-12-03 17:20

developer  

bareos-common_13.4.0-3.1_amd64.deb (427,120 bytes)
mvwieringen

mvwieringen

2013-12-03 17:20

developer  

bareos-filedaemon_13.4.0-3.1_amd64.deb (87,622 bytes)
mvwieringen

mvwieringen

2013-12-04 10:47

developer   ~0000743

Fix committed to bareos bareos-13.2 branch with changesetid 1359.
mvwieringen

mvwieringen

2013-12-04 10:47

developer   ~0000744

Fix committed to bareos master branch with changesetid 1360.
mvwieringen

mvwieringen

2015-03-25 16:51

developer   ~0001415

Fix committed to bareos2015 bareos-14.2 branch with changesetid 4975.
joergs

joergs

2015-03-25 19:19

administrator   ~0001567

Due to the reimport of the Github repository to bugs.bareos.org, the status of some tickets have been changed. These tickets will be closed again.
Sorry for the noise.

Related Changesets

bareos: bareos-13.2 52acbfbc

2013-11-28 19:40:16

mvwieringen

Ported: N/A

Details Diff
Add support for setting allowed cns for passive mode.

Fixes 0000257: When using passive mode and TLS using NAT the verify peer mode will fail.
Affected Issues
0000257
mod - src/filed/authenticate.c Diff File
mod - src/filed/filed_conf.c Diff File
mod - src/filed/filed_conf.h Diff File

bareos: master 3901288d

2013-11-28 19:40:16

mvwieringen

Ported: N/A

Details Diff
Add support for setting allowed cns for passive mode.

Fixes 0000257: When using passive mode and TLS using NAT the verify peer mode will fail.
Affected Issues
0000257
mod - src/filed/authenticate.c Diff File
mod - src/filed/filed_conf.c Diff File
mod - src/filed/filed_conf.h Diff File

bareos2015: bareos-13.2 9b03474f

2013-11-28 20:40:16

mvwieringen

Ported: N/A

Details Diff
Add support for setting allowed cns for passive mode.

Fixes 0000257: When using passive mode and TLS using NAT the verify peer mode will fail.
Affected Issues
0000257
mod - src/filed/authenticate.c Diff File
mod - src/filed/filed_conf.c Diff File
mod - src/filed/filed_conf.h Diff File

bareos2015: bareos-14.2 3bdfdd8f

2013-11-28 20:40:16

mvwieringen

Ported: N/A

Details Diff
Add support for setting allowed cns for passive mode.

Fixes 0000257: When using passive mode and TLS using NAT the verify peer mode will fail.
Affected Issues
0000257
mod - src/filed/authenticate.c Diff File
mod - src/filed/filed_conf.c Diff File
mod - src/filed/filed_conf.h Diff File

Issue History

Date Modified Username Field Change
2013-12-03 15:48 mvwieringen New Issue
2013-12-03 15:48 mvwieringen Status new => assigned
2013-12-03 15:48 mvwieringen Assigned To => mvwieringen
2013-12-03 15:58 mvwieringen File Added: bareos-common_13.4.0-2.1_amd64.deb
2013-12-03 15:58 mvwieringen File Added: bareos-filedaemon_13.4.0-2.1_amd64.deb
2013-12-03 16:36 mvwieringen File Deleted: bareos-common_13.4.0-2.1_amd64.deb
2013-12-03 16:36 mvwieringen File Deleted: bareos-filedaemon_13.4.0-2.1_amd64.deb
2013-12-03 17:20 mvwieringen File Added: bareos-common_13.4.0-3.1_amd64.deb
2013-12-03 17:21 mvwieringen File Added: bareos-filedaemon_13.4.0-3.1_amd64.deb
2013-12-04 10:47 mvwieringen Changeset attached => bareos bareos-13.2 52acbfbc
2013-12-04 10:47 mvwieringen Note Added: 0000743
2013-12-04 10:47 mvwieringen Status assigned => resolved
2013-12-04 10:47 mvwieringen Resolution open => fixed
2013-12-04 10:47 mvwieringen Changeset attached => bareos master 3901288d
2013-12-04 10:47 mvwieringen Note Added: 0000744
2014-05-16 17:31 mvwieringen adm Assigned To mvwieringen =>
2014-05-16 17:31 mvwieringen adm Status resolved => closed
2014-05-16 17:31 mvwieringen adm Fixed in Version => 13.2.3
2015-03-25 16:51 mvwieringen Changeset attached => bareos2015 bareos-13.2 9b03474f
2015-03-25 16:51 mvwieringen Changeset attached => bareos2015 bareos-14.2 3bdfdd8f
2015-03-25 16:51 mvwieringen Note Added: 0001415
2015-03-25 16:51 mvwieringen Status closed => resolved
2015-03-25 19:19 joergs Note Added: 0001567
2015-03-25 19:19 joergs Status resolved => closed