Bug #1081144 “[lucid] ubuntuone-preferences: SSL hostname valida...” : Bugs : ubuntuone-client package : Ubuntu

[lucid] ubuntuone-preferences: SSL hostname validation failed

Bug #1081144 reported by Roman Yepishev
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Ubuntu One Client
Won't Fix
Undecided
Unassigned
ubuntuone-client (Ubuntu)
Won't Fix
Medium
Ubuntu One Client Engineering team
Nominated for Lucid by Roman Yepishev

Bug Description

New lucid accounts cannot register or add a new machine.

At the moment ubuntuone-preferences shows an error message:

Authorization Error
[Errno socket error] SSL hostname validation failed

This is happening because ubuntuone.com (which is referenced from lucid clients) has subject field of SSL certificate set to *.ubuntuone.com and the monkey-patched SSL verification checks for subject field only.

ubuntuone.com is present in subjectAltName but it is not being checked.

FIXED by changing the certificate on the server side.

CVE References

Revision history for this message
Roman Yepishev (rye) wrote :
tags: added: u1-support
Roman Yepishev (rye)
description: updated
Revision history for this message
Roman Yepishev (rye) wrote :

Updated CVE patch originated from LP:882062

Changed in ubuntuone-client (Ubuntu):
assignee: nobody → Ubuntu One Client Engineering team (ubuntuone-client-engineering)
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "CVE-2011-4409.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Roman Yepishev (rye) wrote :

oauth_urls which uses the new urls and can be used as a workaound for the issue.

description: updated
Roman Yepishev (rye)
description: updated
Roman Yepishev (rye)
description: updated
Revision history for this message
Roman Yepishev (rye) wrote :

This was fixed by changing ubuntuone.com certificate to a non-wildcard one.

description: updated
Changed in ubuntuone-client (Ubuntu):
status: Confirmed → Won't Fix
Changed in ubuntuone-client:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Loading subscribers...

Remote bug watches

Bug watches keep track of this bug in other bug trackers.