Issue #8783

CA certificate does not handle a CA bundle or chain file correctly

Added by ehelms@redhat.com 6 months ago. Updated 5 months ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Severity: 2. Medium
Triaged: No
Groomed: No
Sprint Candidate: No
Sprint: Sprint 99

Description

If I set the value of ca_certificate (e.g. update certguard_rhsmcertguard SET ca_certificate = :'content' ;) where that content is a bundle of CA certificates, clients will receive a 403 unless the CA that signed the client certificate is the first CA in the file.

Associated revisions

Revision 89b9a2df View on GitHub
Added by ggainey 5 months ago

Taught CertGuard ca_certificate to accept a cert-bundle.

Testcase merged here from https://github.com/pulp/pulp-certguard/pull/95 - thanks to !

closes #8783

History

#1 Updated by bmbouter 6 months ago

Thanks, we definitely want to get this working. Right now the feature set has 100% functional test coverage with certs we got from katello last time. Would it be possible for katello to provide cert/CA data we could test with? We keep it all here: https://github.com/pulp/pulp-certguard/tree/master/pulp_certguard/tests/functional/artifacts

Also can you outline the test we should run, maybe just a more detailed description of the usage along with references to the CA and cert files provided?

@eric wdyt?

#2 Updated by ehelms@redhat.com 6 months ago

I figured the best way I could show it is through code: https://github.com/pulp/pulp-certguard/pull/95

#3 Updated by ggainey 6 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ggainey
  • Sprint set to Sprint 99

#4 Updated by ggainey 5 months ago

ehelms@redhat.com - I pulled the testcase you submitted into https://github.com/pulp/pulp-certguard/pull/99 so the test and the code are in one place. You good w/ that?

#5 Updated by pulpbot 5 months ago

  • Status changed from ASSIGNED to POST

#6 Updated by ggainey 5 months ago

  • Status changed from POST to MODIFIED

#7 Updated by pulpbot 5 months ago

  • Sprint/Milestone set to 1.4.0

#8 Updated by pulpbot 5 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
