Back to bug 1970641

Who When What Removed Added
Randy Martinez 2021-06-10 21:51:22 UTC Summary [GSS][rook] external kms CA cert extension not valid with curl's --capath [GSS][rook] external kms CA cert secret not functional with curl's -capath as implemented today
Travis Nielsen 2021-06-10 21:54:33 UTC Assignee tnielsen shan
akarsha 2021-06-11 07:05:08 UTC CC akrai
QA Contact ebenahar akrai
Travis Nielsen 2021-06-14 16:58:53 UTC CC tnielsen
Michael Adam 2021-06-14 18:04:33 UTC Flags needinfo?(tnielsen)
Travis Nielsen 2021-06-14 18:44:36 UTC CC shan
Flags needinfo?(tnielsen) needinfo?(shan)
Yaniv Kaul 2021-06-15 07:13:05 UTC Priority unspecified urgent
Mike Hackett 2021-06-15 15:41:48 UTC CC mhackett
Sébastien Han 2021-06-21 12:57:17 UTC Flags needinfo?(shan)
Sébastien Han 2021-06-21 13:06:34 UTC Status NEW POST
Link ID Github rook/rook/pull/8157
Severity urgent high
Mudit Agarwal 2021-06-21 13:19:22 UTC CC muagarwa
Neha Berry 2021-06-21 13:38:19 UTC CC nberry
RHEL Program Management 2021-06-21 13:38:30 UTC Target Release --- OCS 4.8.0
Mudit Agarwal 2021-06-21 15:00:00 UTC Blocks 1974399
Sébastien Han 2021-06-21 16:18:56 UTC Link ID Github openshift/rook/pull/257
Blocks 1974399
Sébastien Han 2021-06-21 16:24:59 UTC Blocks 1974399
Sébastien Han 2021-06-21 16:30:51 UTC Status POST MODIFIED
Rachael 2021-06-23 05:00:21 UTC CC rgeorge
QA Contact akrai rgeorge
Mudit Agarwal 2021-06-28 15:18:56 UTC Doc Text Cause:

The full chain of certificates provided had one self-signed certificate and no client certificate/private key provided.

Consequence:

This confused curl on how to validate the certificate, especially since the directory storing the certificates was not c_rehash by openssl which is expected when calling curl with --capath.

Fix:

Calling curl with --cacert gets the proper certificate validation we need.

Result:

Certificates are validated correctly and the encryption key can be retrieved.
Doc Type If docs needed, set a value Bug Fix
Mudit Agarwal 2021-06-30 05:56:44 UTC Status MODIFIED ON_QA
Fixed In Version 4.8.0-432.ci
Rachael 2021-07-06 07:27:35 UTC Status ON_QA VERIFIED
Red Hat One Jira (issues.redhat.com) 2021-08-17 17:50:05 UTC Link ID Red Hat Issue Tracker OCSQECL-95
Red Hat One Jira (issues.redhat.com) 2021-08-17 17:52:13 UTC Link ID Red Hat Issue Tracker OCSQECL-95
Elad 2021-08-25 09:24:43 UTC Keywords AutomationBackLog
Prasad Desala 2021-11-22 05:45:33 UTC Keywords AutomationBackLog
CC tdesala
Link ID Github red-hat-storage/ocs-ci/pull/4938
Red Hat Bugzilla 2022-12-31 19:09:20 UTC CC tdesala
Red Hat Bugzilla 2022-12-31 19:54:40 UTC CC nberry
Red Hat Bugzilla 2023-01-01 05:52:28 UTC CC mhackett
Red Hat Bugzilla 2023-01-01 07:23:02 UTC CC tnielsen
Alasdair Kergon 2023-01-04 05:18:56 UTC CC nberry
Alasdair Kergon 2023-01-04 05:48:38 UTC CC tdesala
Alasdair Kergon 2023-01-04 05:49:38 UTC CC tnielsen
Alasdair Kergon 2023-01-04 11:29:24 UTC CC mhackett
Red Hat Bugzilla 2023-01-31 23:38:35 UTC CC madam
Red Hat Bugzilla 2023-08-03 08:28:51 UTC CC ocs-bugs

Back to bug 1970641