Bug 1612880
Summary: | CMC Revocations throws exception with same reqIssuer & certissuer [rhel-7.5.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jaroslav Reznik <jreznik> |
Component: | pki-core | Assignee: | Christina Fu <cfu> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | high | ||
Version: | 7.5 | CC: | cfu, gkapoor, mharmsen, msauton, rpattath |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.5.1-15.el7_5 | Doc Type: | Bug Fix |
Doc Text: |
Previously, if the issuer subjectDN attribute of the certificate authority (CA) signing certificate had a different encoding than the default on the host running Certificate System, comparing the issuer subjectDN failed. With this update, the server extracts the issuer subjectDN of the CA signing certificate for comparison. As a result, comparing the attribute succeeds.
|
Story Points: | --- |
Clone Of: | 1608375 | Environment: | |
Last Closed: | 2018-09-25 19:07:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1608375 | ||
Bug Blocks: |
Description
Jaroslav Reznik
2018-08-06 13:11:32 UTC
Test procedure: Should be the same setup as https://bugzilla.redhat.com/show_bug.cgi?id=1608375#c0 Attachments were provided by gkapoor. commit 4a085b2ea3ee0f89ef2e49e1c0dbee2e36abd248 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH) Author: Christina Fu <cfu> Date: Thu Aug 2 09:31:50 2018 -0700 Bug1608375 - CMC Revocations throws exception with same reqIssuer & certissuer This patch resolves the possible encoding mismatch between the actual CA cert and the X500Name gleaned from the CMC revocation request. Change-Id: I220f5d656a69c90fa02ba38fa21b069ed7d15a9d doc text looks fine. [root@auto-hv-01-guest03 kra]# rpm -qi pki-ca Name : pki-ca Version : 10.5.1 Release : 15.el7_5 Architecture: noarch Install Date: Tue 11 Sep 2018 03:31:30 PM EDT Group : System Environment/Daemons Size : 2451877 License : GPLv2 Signature : (none) Source RPM : pki-core-10.5.1-15.el7_5.src.rpm Build Date : Mon 13 Aug 2018 11:12:20 PM EDT Build Host : ppc-021.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority Verfication steps in https://bugzilla.redhat.com/show_bug.cgi?id=1608375#c13 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2759 |