Bug 1371479
| Summary: | cert-find --all does not show information about revocation | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Bašti <mbasti> | |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
| Status: | CLOSED ERRATA | QA Contact: | Ganna Kaihorodova <gkaihoro> | |
| Severity: | unspecified | Docs Contact: | Aneta Šteflová Petrová <apetrova> | |
| Priority: | high | |||
| Version: | 7.3 | CC: | apetrova, ipa-qe, jcholast, jhrozek, jreznik, mkolaja, nsoman, ppicka, pvoborni, pvomacka, rcritten, spoore, tscherf | |
| Target Milestone: | rc | Keywords: | ZStream | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | ipa-4.4.0-13.el7 | Doc Type: | Known Issue | |
| Doc Text: |
The IdM web UI does not correctly recognize the status of a revoked certificate
The Identity Management (IdM) web UI is currently unable to determine whether a certificate has been revoked. As a consequence:
* The `Revoked` sign is not displayed when viewing the certificate from the user, service, or host details page.
* The `Revoke` action is still available from the details page. Attempting to revoke an already revoked certificate results in an error dialog.
* The `Remove Hold` button is always disabled even if the certificate has been revoked because of Certificate Hold (revocation reason 6).
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1389252 (view as bug list) | Environment: | ||
| Last Closed: | 2017-08-01 09:39:54 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1389252 | |||
| Attachments: | ||||
|
Description
Martin Bašti
2016-08-30 10:04:01 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/22d5f579bbd8bb452cf1bf620294ab6ade6e7c47 I see revoked but, I don't see a reason. This user was revoked with reason 6 (certificateHold) [root@master ~]# ipa cert-find --all --subject="certuser6" --------------------- 1 certificate matched --------------------- Certificate: MIID+zCCAuOgAwIBAgIBITANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhJUEEuVEVTVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDkxNjE2MzQ0MFoXDTE4MDkxNzE2MzQ0MFowJzERMA8GA1UECgwISVBBLlRFU1QxEjAQBgNVBAMMCWNlcnR1c2VyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP+2OaUy+yY9oHiDI7Y/0vvVbLOoSibqBxKACkioAor60hacKQ6U6FRfkf+RFLk2mZC1sZujQQTV5coZM2iaw6R+EoUSU9iBnzYN28dg4mtANs7LcSI30nC/GKfKBonIJxTSFJzRO9McQsyuOZpASpyTXmK8q3jIHesbt+YIiaFOiHg0lEp8YwC9BXDfpsddPHUGSpKTmahfsA+SnmfAHvMPB9By4qG+l+mFIKhoc7A4GC+bagY0gInJypVixyGHaFHAISj6EmcoNA+Jt9s+7AVlhVOLNWwiX/kBtHBTHjHZ7MnQSSFHJetO5a6qxgT1WozMnB++ol+MyTeUx6NE2kCAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFHd7AWUYXj4zbNHmYYZgzTb1jQu8MDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2lwYS1jYS5pcGEudGVzdC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0cDovL2lwYS1jYS5pcGEudGVzdC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFGG94ybYfpzIfsdKmNbkS2MGUdF9MA0GCSqGSIb3DQEBCwUAA4IBAQBdXvmzwChyPlksQXH8VSkqXLEILgqcoa+ntqFyO+wWbgBr/Uf6lcC+f17RuGyahDMr7WfbwHi4tZZxk8UkUwdC3uyaFom1Zvshjkdm3D5RTfFfZAulX2TbzNQnsfR5q51TuYYpvqz5Ed7e9AnHRvMd36Qkog21VGFmoC13TIvD6SzhCtCnFUUR/HViUeSuUlBipV7CVBqfsYGQvDvQd9cOGwesmsq0kIYF++edYzN/pOV5tW9QR6gNEu9jbup3xm9kZyElCb/WGsV5ugtyAEGyCq7Ny6EI4VLtSB0AEb8tvBGuZj2hnEQ+lCR40X+QINkAelZ7rWmjwAEoZalaFUdL Subject: CN=certuser6,O=IPA.TEST Issuer: CN=Certificate Authority,O=IPA.TEST Not Before: Fri Sep 16 16:34:40 2016 UTC Not After: Mon Sep 17 16:34:40 2018 UTC Fingerprint (MD5): 54:99:de:e6:ae:ad:17:fc:0f:e2:98:d9:f2:8a:70:f4 Fingerprint (SHA1): 61:41:b9:01:57:e2:d4:7c:f5:bd:af:1d:12:06:b1:9c:83:d1:85:8b Serial number: 33 Serial number (hex): 0x21 Status: REVOKED Revoked: True Owner user: certuser6 ---------------------------- Number of entries returned 1 ---------------------------- I can remove the hold: [root@master ~]# ipa cert-remove-hold 33 Unrevoked: True But I cannot tell from cert-find what the reason is. From the initial bug description that should be added as well, right? Petr, Can you help with this? This should be showing the reason too right? Thanks, Scott Pavel, the original bug description talks about revocation reason, but the fix doesn't touch it. Was this bug about it? Yes, it was about the information whether bug is revoked and if it is then what is the reason. The revocation reason is needed. Moving back to assigned since it does look like revocation reason should be listed. Fixed upstream master: https://fedorahosted.org/freeipa/changeset/16dad1c3cb09acee946bc5b2409447279a8bc0de ipa-4-4: https://fedorahosted.org/freeipa/changeset/30b478113e0dd7993f491c1582003567e9b20d13 Created attachment 1279694 [details]
Verification for bug "cert-find --all does not show information about revocation"
Created attachment 1279695 [details]
verification screenshot for webUI part of the bug
Created attachment 1279696 [details]
verification screenshot #2 for webUI part of the bug
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304 |