38 lines
1.5 KiB
Plaintext
38 lines
1.5 KiB
Plaintext
<patchinfo incident="80">
|
|
<!-- generated from request(s) 339648 -->
|
|
<issue tracker="bnc" id="1217536">[TRACKERBUG] Update region certs to accommodate 4096 length on EC2</issue>
|
|
<issue tracker="bnc" id="1218656">Update region certs to accommodate 4096 length on EC2</issue>
|
|
<issue tracker="bnc" id="1228363">IPv6 access to regionsrv running in us-west2</issue>
|
|
<packager>rjschwei</packager>
|
|
<rating>moderate</rating>
|
|
<category>recommended</category>
|
|
<summary>Recommended update for regionServiceClientConfigEC2</summary>
|
|
<description>This update for regionServiceClientConfigEC2 contains the following fixes:
|
|
|
|
- Update to version 4.3.0 (bsc#1228363)
|
|
+ The IPv6 cert was switched up for the region server running in us-west-2
|
|
and as such the SSL handshake was failing. Drop the incorrect cert
|
|
and add the correct cert.
|
|
|
|
- Switch the patch syntax away form the deprecated shorthand macro
|
|
|
|
- Version 4.2.0
|
|
Replace certs (length 4096):
|
|
rgnsrv-ec2-cn-north1 -> 54.223.148.145 expires in 8 years
|
|
rgnsrv-ec2-us-west2-2 -> 54.245.101.47 expires in 9 years
|
|
|
|
Sidenote: We have one server with a short cert (2048) left;
|
|
34.197.223.242 expires in 2027
|
|
|
|
- Version 4.1.1
|
|
Add patch to not serve IPv6 addresses on SLES12
|
|
Related to bsc#1218656
|
|
|
|
- Update to version 4.1.1 (bsc#1217536)
|
|
+ Replace 54.247.166.75.pem and 54.253.118.149.pem old soon to expired certs
|
|
with new generated ones that expire in 8 years and have longer length (4096)
|
|
|
|
</description>
|
|
<package>regionServiceClientConfigEC2</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |