Bug 1222595
Summary: | Suppress PIN values in 'getcert list' output | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Nalin Dahyabhai <nalin> |
Component: | certmonger | Assignee: | Jan Cholasta <jcholast> |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.6 | CC: | dkupka, drieden, mkosek, nalin, tlavigne |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | https://fedorahosted.org/certmonger/ticket/42 | ||
Whiteboard: | |||
Fixed In Version: | certmonger-0.77.4-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Previously, after the user ran the "getcert list" command, the output included the PIN value if it was set for the certificate. Consequently, the user could unintentionally expose the PIN, for example by publicly sharing the output of the command. With this update, the "getcert list" output only contains a note that a PIN is set for the certificate. As a result, the PIN value itself is no longer displayed in the "getcert list" output.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-22 07:17:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nalin Dahyabhai
2015-05-18 15:10:58 UTC
Verified. certmonger version: =================== certmonger-0.77.4-1.el6.x86_64 snip from automation log: ========================= :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: BZ1222595: Suppress PIN values in 'getcert list' output :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ BEGIN ] :: Running 'cat /tmp/tmp.n05cAsr1y8/temp_bz1222595.out' Number of certificates and requests being tracked: 1. Request ID '20150519174524': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/tmp/tmp.n05cAsr1y8',nickname='certtest',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/tmp/tmp.n05cAsr1y8',nickname='certtest',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=TESTRELM.TEST subject: CN=cloud-qe-2.testrelm.test,O=TESTRELM.TEST expires: 2017-05-19 17:45:25 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes :: [ PASS ] :: Command 'cat /tmp/tmp.n05cAsr1y8/temp_bz1222595.out' (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmp.n05cAsr1y8/temp_bz1222595.out' should contain 'status: MONITORING' :: [ PASS ] :: File '/tmp/tmp.n05cAsr1y8/temp_bz1222595.out' should contain 'pin set' :: [ PASS ] :: File '/tmp/tmp.n05cAsr1y8/temp_bz1222595.out' should not contain 'xxxxxxxx' Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1379.html |