Issue #8783

closed

CA certificate does not handle a CA bundle or chain file correctly

Added by ehelms@redhat.com almost 3 years ago. Updated over 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 99
Quarter:

Description

If I set the value of ca_certificate (e.g. update certguard_rhsmcertguard SET ca_certificate = :'content' ;) where that content is a bundle of CA certificates, clients will receive a 403 unless the CA that signed the client certificate is the first CA in the file.
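An illustration of the behaviour reported above, added here as an example and not taken from pulp-certguard: it splits a PEM bundle into its individual certificates so every CA can become a trust anchor, and compares that with trusting only the first block. The function names and placeholder payloads are assumptions, and the fingerprint comparison is a simplified stand-in for real X.509 chain validation.

```python
"""Split a PEM CA bundle so every CA in it can be trusted, not just the first."""
import base64
import binascii
import hashlib
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_CERT = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def split_ca_bundle(bundle):
    """Return the DER bytes of each CERTIFICATE block, in file order."""
    ders = []
    for match in PEM_CERT.finditer(bundle):
        body = "".join(match.group(1).split())  # strip LF/CRLF line wrapping
        try:
            ders.append(base64.b64decode(body, validate=True))
        except binascii.Error as exc:
            raise ValueError(f"block {len(ders) + 1} is not valid base64") from exc
    if not ders or bundle.count(BEGIN) != len(ders):
        raise ValueError("bundle has no certificate or an unterminated block")
    return ders


def trust_anchors(bundle, first_only=False):
    """SHA-256 fingerprints of the CAs a guard would trust from this bundle."""
    ders = split_ca_bundle(bundle)
    return {hashlib.sha256(d).hexdigest() for d in (ders[:1] if first_only else ders)}


def issuer_trusted(bundle, issuer_der, first_only=False):
    """Simplified stand-in for chain validation: is the issuing CA an anchor?"""
    return hashlib.sha256(issuer_der).hexdigest() in trust_anchors(bundle, first_only)


def to_pem(der):
    """Wrap DER bytes in PEM armor (used to build the constructed sample)."""
    return f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"


# Constructed sample: placeholder payloads standing in for two CA certificates.
CA_ONE, CA_TWO = b"constructed-ca-one" * 8, b"constructed-ca-two" * 8
BUNDLE = "# first CA\n" + to_pem(CA_ONE) + "\r\n# second CA\r\n" + to_pem(CA_TWO)

if __name__ == "__main__":
    for mode in (True, False):
        print("first_only" if mode else "all blocks",
              issuer_trusted(BUNDLE, CA_ONE, mode), issuer_trusted(BUNDLE, CA_TWO, mode))
```

With `first_only=True` a client whose certificate was issued by the second CA is rejected, which matches the 403 symptom; with every block loaded, the order of CAs in the file no longer matters.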

Actions #1

Updated by bmbouter almost 3 years ago

Thanks, we definitely want to get this working. Right now the feature set has 100% functional test coverage with certs we got from katello last time. Would it be possible for katello to provide cert/CA data we could test with? We keep it all here: https://github.com/pulp/pulp-certguard/tree/master/pulp_certguard/tests/functional/artifacts

Also can you outline the test we should run, maybe just a more detailed description of the usage along with references to the CA and cert files provided?

@eric wdyt?

Actions #2

Updated by ehelms@redhat.com almost 3 years ago

I figured the best way I could show it is through code: https://github.com/pulp/pulp-certguard/pull/95

Actions #3

Updated by ggainey almost 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ggainey
  • Sprint set to Sprint 99
Actions #4

Updated by ggainey almost 3 years ago

ehelms@redhat.com - I pulled the testcase you submitted into https://github.com/pulp/pulp-certguard/pull/99 so the test and the code are in one place. You good w/ that?

Actions #5

Updated by pulpbot almost 3 years ago

  • Status changed from ASSIGNED to POST

Added by ggainey over 2 years ago

Revision 89b9a2df | View on GitHub

Taught CertGuard ca_certificate to accept a cert-bundle.

Testcase merged here from https://github.com/pulp/pulp-certguard/pull/95 - thanks to !

closes #8783

Actions #6

Updated by ggainey over 2 years ago

  • Status changed from POST to MODIFIED
Actions #7

Updated by pulpbot over 2 years ago

  • Sprint/Milestone set to 1.4.0
Actions #8

Updated by pulpbot over 2 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
