Project

Profile

Help

Issue #6735

closed

Docs incorrectly recommend to users they escape newlines from their ca_cert and client_cert

Added by bmbouter over 4 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 77
Quarter:

Description

Background

The BaseRemote.ca_cert and BaseRemote.client_cert fields the current serializers tell the user "All new line characters must be escaped". You can see that here.

There are two issues with this:

  1. It's not needed. For example pulp-certguard allows users to submit certs without modification, they are saved in the database, and openssl uses them correctly.

  2. It's extra work for users.

Solution

  1. Update the serializers to not have newlines escaped
  2. Audit the handling of these fields throughout the code and remove any "unescaping" that is done
  3. Add a .removal release note indicating this is a breaking change and users will need to re-save their ca_cert and client_cert fields
  4. Audit client_key as well just for good measure
  5. Add a test that sync's content where a ca_cert is required
  6. Add a test that sync's content where a client_cert and client_key is required

How to add these tests?

These tests will use the Red Hat CDN and will use a test certificate and key registered to pulp-infra, along with the master ca_cert of the Red Hat CDN. The test certs will be stored as a Travis secret and made available to the tests via environment variables. If the test goes to run and the environment variables are not present the test should skip.

Also available in: Atom PDF