Project

Profile

Help

Issue #8783

CA certificate does not handle a CA bundle or chain file correctly

Added by ehelms@redhat.com 2 months ago. Updated 29 days ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 99
Quarter:

Description

If I set the value of ca_certificate (e.g. update certguard_rhsmcertguard SET ca_certificate = :'content' ;) where that content is a bundle of CA certificates, clients will receive a 403 unless the CA that signed the client certificate is the first CA in the file.

Associated revisions

Revision 89b9a2df View on GitHub
Added by ggainey 30 days ago

Taught CertGuard ca_certificate to accept a cert-bundle.

Testcase merged here from https://github.com/pulp/pulp-certguard/pull/95 - thanks to !

closes #8783

History

#1 Updated by bmbouter 2 months ago

Thanks, we definitely want to get this working. Right now the feature set has 100% functional test coverage with certs we got from katello last time. Would it be possible for katello to provide cert/CA data we could test with? We keep it all here: https://github.com/pulp/pulp-certguard/tree/master/pulp_certguard/tests/functional/artifacts

Also can you outline the test we should run, maybe just a more detailed description of the usage along with references to the CA and cert files provided?

@eric wdyt?

#2 Updated by ehelms@redhat.com 2 months ago

I figured the best way I could show it is through code: https://github.com/pulp/pulp-certguard/pull/95

#3 Updated by ggainey about 1 month ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ggainey
  • Sprint set to Sprint 99

#4 Updated by ggainey about 1 month ago

ehelms@redhat.com - I pulled the testcase you sibmitted into https://github.com/pulp/pulp-certguard/pull/99 so the test and the code are in one place. You good w/ that?

#5 Updated by pulpbot about 1 month ago

  • Status changed from ASSIGNED to POST

#6 Updated by ggainey 30 days ago

  • Status changed from POST to MODIFIED

#7 Updated by pulpbot 29 days ago

  • Sprint/Milestone set to 1.4.0

#8 Updated by pulpbot 29 days ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF