Bug 1366604
Summary: | `cert-find` crashes on invalid certificate data | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.3 | CC: | mbasti, nsoman, pvoborni, rcritten, sumenon |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.4.0-8.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 06:00:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Vobornik
2016-08-12 12:35:02 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/8ad03259fe770b222e70286fd00c3416b4ed197d Martin/Petr, I tested this on RHEL73 using ipa-server-4.4.0-11.el7.x86_64 Although i don't see a traceback, i see the below warning message, can you please confirm this is not an issue. [root@master ~]# ipa cert-find --certificate=bougscrt ipa: WARNING: Search result has been truncated: failed to load certificate: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments. ---------------------- 0 certificates matched ---------------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@master ~]# ipa cert-find ----------------------- 10 certificates matched ----------------------- Issuing CA: ipa Subject: CN=Certificate Authority,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 1 Serial number (hex): 0x1 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=OCSP Subsystem,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 2 Serial number (hex): 0x2 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=master.test-relm.test,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 3 Serial number (hex): 0x3 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=CA Subsystem,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 4 Serial number (hex): 0x4 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=CA Audit,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 5 Serial number (hex): 0x5 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=ipa-ca-agent,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 6 Serial number (hex): 0x6 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=IPA RA,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 7 Serial number (hex): 0x7 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=master.test-relm.test,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 8 Serial number (hex): 0x8 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=master.test-relm.test,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 9 Serial number (hex): 0x9 Status: VALID Revoked: False Issuing CA: ipa Subject: CN=Object Signing Cert,O=TEST-RELM.TEST Issuer: CN=Certificate Authority,O=TEST-RELM.TEST Serial number: 10 Serial number (hex): 0xA Status: VALID Revoked: False ----------------------------- Number of entries returned 10 ----------------------------- The warning message is expected Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |