[Bug 1217741] Re: apt will not use configured client certificate when redirected from http url to https
David Kalnischkies
1217741 at bugs.launchpad.net
Wed Aug 28 08:57:40 UTC 2013
The code doesn't allow switching protocols with a redirect so far, so its not a bug as such, but a missing feature.
https://bazaar.launchpad.net/~ubuntu-core-dev/apt/ubuntu/view/head:/methods/http.cc#L993
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1217741
Title:
apt will not use configured client certificate when redirected from
http url to https
Status in “apt” package in Ubuntu:
Confirmed
Bug description:
We have a web server that has our internal package repository. The
server is configured so that it will communicate via port 80 with
clients in internal network, which basically makes it possible for the
clients to get packages during OS installation when they do not yet
have a client certificate. The clients outside our network are
redirected with a HTTP 302 to the same url with https transport and
the https server requires the client to authenticate with a client
certificate. We have configured apt like this (obviously with real
paths and server name):
/etc/apt/apt.conf.d/45our-server:
-------
Acquire::https::our-server.our-domain {
Verify-Peer "true";
Verify-Host "true";
CaInfo "/path/to/ca/cert.pem";
SslCert "/path/to/client/cert.pem";
SslKey "/path/to/client/key.pem";
};
-------
As long as the repository is marked as https://... in
/etc/apt/sources.list, these settings are used and everything works
right. However, if the repository is marked as http://, and the client
is redirected with HTTP 302 to https:// url, the client certificate is
not presented properly and downloading files fails.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1217741/+subscriptions
More information about the foundations-bugs
mailing list