Bug 702075

Summary: subscription manager installs broken certs
Product: Red Hat Enterprise Linux 5
Component: subscription-manager
Version: 5.7
Reporter: Chris Duryee <cduryee>
Assignee: John Sefler <jsefler>
CC: dgoodwin, jmolet, spandey
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Doc Type: Bug Fix
Clone Of: 691788
Last Closed: 2011-07-21 08:46:33 UTC
Bug Depends On: 691788
Bug Blocks: 675214
Attachments: Error dialog is properly displayed when attempting to import an invalid cert. (flags: none)

Comment 2 John Sefler 2011-05-13 19:54:45 UTC
Created attachment 498858
Error dialog is properly displayed when attempting to import an invalid cert.

Verifying Version...
[root@jsefler-onprem-5server ~]# rpm -qa | grep subscription-manager
subscription-manager-gnome-0.95.5.14-1.git.3.83b3a73.el5
subscription-manager-firstboot-0.95.5.14-1.git.3.83b3a73.el5
subscription-manager-0.95.5.14-1.git.3.83b3a73.el5


# tail -f /var/log/rhsm/rhsm.log
2011-05-13 14:58:58,583 [WARNING]  @certificate.py:346 - No product information in certificate: 1248301909031734855
2011-05-13 14:58:58,584 [ERROR]  @importsub.py:82 - Error parsing manually imported entitlement certificate: /root/bug702075.pem
2011-05-13 14:58:58,584 [ERROR]  @importsub.py:84 - Invalid X509 entitlement certificate.
Traceback (most recent call last):
  File "/usr/share/rhsm/subscription_manager/gui/importsub.py", line 80, in _import_button_clicked
    raise Exception("Invalid X509 entitlement certificate.")
Exception: Invalid X509 entitlement certificate.

^^^ That's the logged traceback when attempting to import an invalid cert.


[root@jsefler-onprem-5server ~]# ls -l /etc/pki/entitlement/
total 0
[root@jsefler-onprem-5server ~]# 

^^^ Also verified that the invalid cert was NOT dropped into the entitlement directory


I also performed the manual test of putting the bad cert into the /etc/pki/entitlement directory and started the gui to verify that the gui will start with a bad entitlement cert...   The gui starts fine.  Here is a snippet from the rhsm.log...
[root@jsefler-onprem-5server entitlement]# ls /etc/pki/entitlement/
bug702075.pem
[root@jsefler-onprem-5server entitlement]# subscription-manager-gui &
[1] 24784

# tail -f /var/log/rhsm/rhsm.log
2011-05-13 15:44:35,660 [ERROR]  @certlib.py:421 - File: /etc/pki/entitlement/bug702075.pem, not loaded
Reason(s):
 - No order infomation
2011-05-13 15:44:35,675 [WARNING]  @certificate.py:346 - No product information in certificate: 1248301909031734855
2011-05-13 15:44:35,676 [ERROR]  @certlib.py:417 - Reason(s):
 - No order infomation
Traceback (most recent call last):
  File "/usr/share/rhsm/subscription_manager/certlib.py", line 414, in append
    raise Exception('\n - '.join(bogus))
Exception: Reason(s):
 - No order infomation


moving to VERIFIED
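
Added example, not part of the bug report or of subscription-manager: a small parser that pulls rejected or skipped entitlement certificates out of rhsm.log, so the two checks in the comment above (import refused, on-disk cert not loaded) can be repeated on other hosts. The message patterns are assumed from the log lines quoted above for 0.95.5.14; the function names are hypothetical.

```python
import re

# Header of an rhsm.log record, e.g.
# "2011-05-13 15:44:35,660 [ERROR]  @certlib.py:421 - File: ..., not loaded"
RECORD = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+) \[(?P<level>\w+)\]\s+"
    r"@(?P<module>[\w.]+):(?P<line>\d+) - (?P<msg>.*)$")
# The two messages in the comment above that name a rejected certificate file
# (assumed stable only for the version shown there).
IMPORT_REJECTED = re.compile(
    r"^Error parsing manually imported entitlement certificate: (?P<path>\S+)$")
NOT_LOADED = re.compile(r"^File: (?P<path>\S+), not loaded$")

def parse_records(text):
    """Group raw lines into records; unprefixed lines extend the previous one."""
    records = []
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            records.append({**m.groupdict(), "extra": []})
        elif records and raw.strip():
            records[-1]["extra"].append(raw)
    return records

def rejected_certs(text):
    """Return one event per certificate refused at import or skipped at load."""
    events = []
    for rec in parse_records(text):
        for kind, pattern in (("import-rejected", IMPORT_REJECTED),
                              ("not-loaded", NOT_LOADED)):
            m = pattern.match(rec["msg"])
            if m:
                # Reasons arrive as " - ..." continuation lines under "Reason(s):".
                reasons = [ln.strip()[2:] for ln in rec["extra"]
                           if ln.strip().startswith("- ")]
                events.append({"time": rec["time"], "kind": kind,
                               "path": m.group("path"), "reasons": reasons})
    return events

# Sample input: log lines copied from the comment above (traceback frames trimmed).
SAMPLE_LOG = """\
2011-05-13 14:58:58,584 [ERROR]  @importsub.py:82 - Error parsing manually imported entitlement certificate: /root/bug702075.pem
2011-05-13 14:58:58,584 [ERROR]  @importsub.py:84 - Invalid X509 entitlement certificate.
Traceback (most recent call last):
Exception: Invalid X509 entitlement certificate.
2011-05-13 15:44:35,660 [ERROR]  @certlib.py:421 - File: /etc/pki/entitlement/bug702075.pem, not loaded
Reason(s):
 - No order infomation
2011-05-13 15:44:35,675 [WARNING]  @certificate.py:346 - No product information in certificate: 1248301909031734855
"""

if __name__ == "__main__":
    for event in rejected_certs(SAMPLE_LOG):
        print(event)
```

A "not-loaded" event whose path is still present under /etc/pki/entitlement/ means an invalid certificate is sitting in the entitlement directory and should be removed or replaced.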

Comment 3 errata-xmlrpc 2011-07-21 08:46:33 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-1078.html

Comment 4 errata-xmlrpc 2011-07-21 12:30:26 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-1078.html