Closed reneradoi closed 1 week ago
With https://github.com/canonical/opensearch-operator/pull/380 the Subject Alternative Names in the certificates were reduced to only one DNS name and one ip address. This is to mitigate the impact of upstream Opensearch bug https://github.com/opensearch-project/security/issues/4480, which causes failure when reloading TLS certificates via API.
Subject Alternative Names
Once the upstream bug is removed, the function _get_sans() in opensearch_tls.py should be adjusted again to the original set of DNS names and ip addresses in the sans-dictionary.
_get_sans()
opensearch_tls.py
https://warthogs.atlassian.net/browse/DPE-5043
Fixed by https://github.com/canonical/opensearch-operator/commit/a887c2b2de909cd73b67a8e87843fe929dba4b15
With https://github.com/canonical/opensearch-operator/pull/380 the
Subject Alternative Names
in the certificates were reduced to only one DNS name and one ip address. This is to mitigate the impact of upstream Opensearch bug https://github.com/opensearch-project/security/issues/4480, which causes failure when reloading TLS certificates via API.Once the upstream bug is removed, the function
_get_sans()
inopensearch_tls.py
should be adjusted again to the original set of DNS names and ip addresses in the sans-dictionary.