Issue #8783
closed
CA certificate does not handle a CA bundle or chain file correctly
Description
If I set the value of ca_certificate (e.g. update certguard_rhsmcertguard SET ca_certificate = :'content' ;) where that content is a bundle of CA certificates, clients will receive a 403 unless the CA that signed the client certificate is the first CA in the file.
Updated by bmbouter over 3 years ago
Thanks, we definitely want to get this working. Right now the feature set has 100% functional test coverage with certs we got from katello last time. Would it be possible for katello to provide cert/CA data we could test with? We keep it all here: https://github.com/pulp/pulp-certguard/tree/master/pulp_certguard/tests/functional/artifacts
Also can you outline the test we should run, maybe just a more detailed description of the usage along with references to the CA and cert files provided?
@eric wdyt?
Updated by ehelms@redhat.com over 3 years ago
I figured the best way I could show it is through code: https://github.com/pulp/pulp-certguard/pull/95
Updated by ggainey over 3 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ggainey
- Sprint set to Sprint 99
Updated by ggainey over 3 years ago
ehelms@redhat.com - I pulled the testcase you submitted into https://github.com/pulp/pulp-certguard/pull/99 so the test and the code are in one place. You good w/ that?
Updated by pulpbot over 3 years ago
- Status changed from ASSIGNED to POST
Added by ggainey over 3 years ago
Updated by ggainey over 3 years ago
- Status changed from POST to MODIFIED
Applied in changeset 89b9a2df9e307452c2c72652371df848e58de884.
Updated by pulpbot over 3 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Taught CertGuard ca_certificate to accept a cert-bundle.
Testcase merged here from https://github.com/pulp/pulp-certguard/pull/95 - thanks to ehelms@redhat.com!
closes #8783
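
The failure reported in this issue (only the first CA of a bundle being trusted) and the bundle handling the fix describes, as an added example that is not pulp-certguard's own code: it splits a PEM bundle into its certificate blocks and compares the resulting trust set with the first-block-only behaviour. The function names and the two "CA" blocks are hypothetical, and the blocks carry constructed placeholder payloads, not real X.509 certificates.

```python
import base64
import hashlib
import re

# One PEM certificate block; tolerates CRLF and comment text between blocks.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def split_ca_bundle(bundle: str) -> list:
    """Return the DER bytes of every certificate block in a PEM bundle."""
    ders = []
    for match in PEM_CERT.finditer(bundle):
        body = "".join(match.group(1).split())  # strip line breaks
        try:
            ders.append(base64.b64decode(body, validate=True))
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError("malformed base64 in certificate block") from exc
    if not ders:
        raise ValueError("no certificate blocks found in bundle")
    return ders


def trust_anchors(bundle: str, first_only: bool = False) -> set:
    """SHA-256 fingerprints of the CAs a verifier would end up trusting."""
    ders = split_ca_bundle(bundle)
    if first_only:
        ders = ders[:1]  # the behaviour reported in the issue
    # A real verifier would parse each DER blob and add it to its trust store.
    return {hashlib.sha256(der).hexdigest() for der in ders}


def _placeholder_pem(label: bytes) -> str:
    # Constructed payload for illustration only, NOT a real certificate.
    b64 = base64.b64encode(label * 8).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


CA_A = _placeholder_pem(b"constructed-CA-A")
CA_B = _placeholder_pem(b"constructed-CA-B")  # stands in for the signing CA
# Bundle with comments and mixed line endings; the signing CA is second.
BUNDLE = "# root\n" + CA_A + "\r\n# issuing\r\n" + CA_B.replace("\n", "\r\n")
SIGNER = hashlib.sha256(split_ca_bundle(CA_B)[0]).hexdigest()
```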