Bug 1357075
| Summary: | pki client-cert-import --trust option does not apply the specified trust bits | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Roshni <rpattath> |
| Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | mharmsen |
| Target Milestone: | rc | ||
| Target Release: | 7.3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | pki-core-10.3.3-5.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-04 05:26:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Upstream ticket: https://fedorahosted.org/pki/ticket/2412 [alee@localhost pki]$ git push origin master Counting objects: 50, done. Delta compression using up to 8 threads. Compressing objects: 100% (46/46), done. Writing objects: 100% (50/50), 8.80 KiB | 0 bytes/s, done. Total 50 (delta 39), reused 0 (delta 0) To ​ssh://vakwetu.org/git/pki.git
cb72f5b..7cfff9f master -> master
* 7cfff9fb0c08d08f57d6229cb8a67d7c94f785aa
[root@auto-hv-02-guest02 certsdb]# rpm -qi pki-ca Name : pki-ca Version : 10.3.3 Release : 8.el7 Architecture: noarch Install Date: Wed 31 Aug 2016 02:28:11 PM EDT Group : System Environment/Daemons Size : 2430595 License : GPLv2 Signature : (none) Source RPM : pki-core-10.3.3-8.el7.src.rpm Build Date : Tue 30 Aug 2016 03:23:27 PM EDT Build Host : ppc-015.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority [root@auto-hv-02-guest02 certsdb]# pki -d . -c Secret123 -h localhost -p 8080 client-cert-import "CA Certificate" --ca-cert ca.pem --trust CT,CT,CT ------------------------------------- Imported certificate "CA Certificate" ------------------------------------- [root@auto-hv-02-guest02 certsdb]# certutil -L -d . Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI PKI CA Administrator for Example.Org u,u,u CA Certificate CT,C,C Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2396.html |
Description of problem: pki client-cert-import --trust option does not apply the specified trust bits Version-Release number of selected component (if applicable): pki-ca-10.3.3-3.el7.noarch How reproducible: always Steps to Reproduce: pki -d /etc/dirsrv/slapd-topology-06-testingmaster -C /etc/dirsrv/slapd-topology-06-testingmaster/password.txt -h localhost -p 20080 client-cert-import "CA Certificate" --ca-cert /etc/dirsrv/slapd-topology-06-testingmaster/ca.crt --trust CT,CT,CT Actual results: ------------------------------------- Imported certificate "CA Certificate" ------------------------------------- [root@pki1 ~]# certutil -L -d /etc/dirsrv/slapd-topology-06-testingmaster Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI CA Certificate CT,c, Expected results: The imported certificate should have trust bits set to "CT,C,C" Additional info: