Uploaded image for project: 'Hue (READ ONLY)'
  1. Hue (READ ONLY)
  2. HUE-2582

[core] Upgrade CherryPy that adds TLS certificate chain support

          Details

          • Type: Improvement
          • Status: Resolved
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 3.7.0
          • Fix Version/s: 3.10.0
          • Component/s: core.ui
          • Labels:
            None

            Description

            The version of CherryPy bundled with Hue does not support TLS certificate chain. The Hue will not hand out any intermediate certificates in response to TLS requests and this prevents effective use of PKI.

            Fixing this will require an upgrade of CherryPy to a version that supports certificate chains and CA bundles and addition of config parameters to define the location of the CA bundle.

            Note: some custom modifications were not backported to upstream CherryPy

              Attachments

                Issue Links

                relates to

                New Feature - A new feature of the product, which has yet to be developed. HUE-3133 Provide client-certificate Authentication backend (PKI)

                • Major - Major loss of function.
                • Closed

                  Activity

                    People

                    • Assignee:
                      enricoberti Enrico Berti
                      Reporter:
                      jhalfpenny Jim Halfpenny
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      2 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: