Bug 2264610

Summary: FTBFS: sssd intermediate CA tests fail with OpenSSL 3.2
Product: [Fedora] Fedora Reporter: Stephen Gallagher <sgallagh>
Component: sssdAssignee: Pavel Březina <pbrezina>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: abokovoy, atikhono, dueno, ksurma, lslebodn, mzidek, pbrezina, sahana, sbose, ssorce, sssd-maintainers
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-2.9.4-6.fc41 sssd-2.10.0-1.fc41 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-10-17 23:11:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2260875, 2244836    

Description Stephen Gallagher 2024-02-16 21:46:43 UTC 
$ /usr/bin/make -C src/tests/test_CA/intermediate_CA ca_all
make: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf 
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
/usr/bin/make -C ./.. SSSD_test_CA.pem
make[1]: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[1]: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -out SSSD_test_intermediate_CA_req.pem
cd .. && /usr/bin/openssl ca -config /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config -batch -notext -keyfile /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA_key.pem -in /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_req.pem -days 200 -extensions v3_intermediate_ca -out /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.pem
Using configuration from /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
The matching entry has the following details
Type          :Valid
Expires on    :240903175906Z
Serial Number :08
File name     :unknown
Subject Name  :/O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
make: *** [Makefile:756: SSSD_test_intermediate_CA.pem] Error 1
make: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'


Reproducible: Always

Steps to Reproduce:
1.Build SSSD and run the intermediate CA tests
2.
3.
Actual Results:  
$ /usr/bin/make -C src/tests/test_CA/intermediate_CA ca_all
make: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf 
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
/usr/bin/make -C ./.. SSSD_test_CA.pem
make[1]: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[1]: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -out SSSD_test_intermediate_CA_req.pem
cd .. && /usr/bin/openssl ca -config /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config -batch -notext -keyfile /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA_key.pem -in /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_req.pem -days 200 -extensions v3_intermediate_ca -out /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.pem
Using configuration from /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
The matching entry has the following details
Type          :Valid
Expires on    :240903175906Z
Serial Number :08
File name     :unknown
Subject Name  :/O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
make: *** [Makefile:756: SSSD_test_intermediate_CA.pem] Error 1
make: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'


Expected Results:  
Successful test run.
Comment 1 Alexey Tikhonov 2024-02-19 08:03:33 UTC 
Pushed PR: https://github.com/SSSD/sssd/pull/7151

* `master`
    * 32b72c7c3303edb2bf55ae9a22e8db7855f3d7d1 - tests: Drop -extensions from openssl command if there is no -x509
* `sssd-2-9`
    * a453f9625b40a0a1fbcf055ffa196121f2b248b5 - tests: Drop -extensions from openssl command if there is no -x509
Comment 2 Alexey Tikhonov 2024-04-03 09:35:51 UTC 
*** Bug 2272913 has been marked as a duplicate of this bug. ***
Comment 3 Alexey Tikhonov 2024-04-03 09:45:12 UTC 
https://src.fedoraproject.org/rpms/sssd/pull-request/45#
Comment 4 Alexey Tikhonov 2024-04-03 12:31:06 UTC 
https://src.fedoraproject.org/rpms/sssd/c/cd2652550c6474787e7abd92485f3ef388dbf48a?branch=rawhide
Comment 5 Fedora Update System 2024-10-15 12:36:11 UTC 
FEDORA-2024-73827b9035 (sssd-2.10.0-1.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-73827b9035
Comment 6 Fedora Update System 2024-10-16 02:02:27 UTC 
FEDORA-2024-73827b9035 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-73827b9035`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-73827b9035

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2024-10-17 23:11:40 UTC 
FEDORA-2024-73827b9035 (sssd-2.10.0-1.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.