Uploaded image for project: 'Hue'
  1. Hue
  2. HUE-2582

[core] Upgrade CherryPy that adds TLS certificate chain support

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.7.0
    • Fix Version/s: 3.10.0
    • Component/s: core.frontend
    • Labels:
      None

      Description

      The version of CherryPy bundled with Hue does not support TLS certificate chain. The Hue will not hand out any intermediate certificates in response to TLS requests and this prevents effective use of PKI.

      Fixing this will require an upgrade of CherryPy to a version that supports certificate chains and CA bundles and addition of config parameters to define the location of the CA bundle.

      Note: some custom modifications were not backported to upstream CherryPy

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                enricoberti Enrico Berti
                Reporter:
                jhalfpenny Jim Halfpenny
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: