Bug 809064

Summary: Openssl error generating identity certificate not propagated having provided bad CA private key file password
Product: Red Hat Update Infrastructure for Cloud Providers
Reporter: mkovacik
Component: RHUA
Assignee: James Slagle <jslagle>
Status: CLOSED ERRATA
QA Contact: wes hayutin <whayutin>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 2.0.3
CC: kbidarka, lbrindle, mmariani, sghai, tsanders
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
C: If openssl generated a password error, the error was not sent to RHUI Manager.
C: When creating a new identity certificate using RHUI Manager, the system reported that the certificate was created successfully, even if the password was entered incorrectly.
F: Errors generated by openssl are now propagated through to RHUI Manager.
R: Identity certificate generation will fail if an incorrect password is entered.

Final:
* If openssl generated a password error, the error was not sent to RHUI Manager. When creating a new identity certificate using RHUI Manager, the system reported that the certificate was created successfully, even if the password was entered incorrectly. Errors generated by openssl are now propagated through to RHUI Manager, and identity certificate generation will fail if an incorrect password is entered. (BZ#809064)
Last Closed: 2012-05-01 18:37:26 UTC Type: ---
Attachments: Verifying log (flags: none)

Description mkovacik 2012-04-02 11:29:51 UTC
Description of problem:
Having entered a wrong CA private key file password, the openssl error isn't propagated when generating a new identity certificate; see additional info for the details and screen log.


Version-Release number of selected component (if applicable):
2.0.1 upgraded to 2.0.3 (RHEL-6.2-RHUI-2.0.3-20120322.0-Server-x86_64-DVD1.iso)

How reproducible:
Always

Steps to Reproduce:
0. deploy rhui so that rhui-manager is using a CA key protected with a password
1. within rhui-manager go to the identity screen
2. try generating new identity certificate
3. enter wrong password
4. a success is reported
  
Actual results:
openssl error accessing CA private key isn't propagated

Expected results:
openssl errors propagated

Additional info:

### SCREEN LOG and ERROR DETAILS
### In the second attempt a wrong password was provided for the CA private key file

[root@dhcp-31-127 ~]# fg
rhui-manager
g

Generating a new RHUI identity certificate will replace
the one currently stored at /etc/pki/rhui/identity.crt.  Proceed? [y/n]: y

Enter the number of days the RHUI identity certificate will be valid.
If the identity certificate ever expires, it will need to be
regenerated using rhui-manager [Default: 3650]:
....................................+++
...........................+++
Enter pass phrase for /etc/pki/rhui/entitlement-ca-key.pem:
Successfully regenerated RHUI Identity certificate

------------------------------------------------------------------------------
rhui (identity) => ^Z
[1]+  Stopped                 rhui-manager
[root@dhcp-31-127 ~]# less .rhui/rhui.log
[root@dhcp-31-127 ~]# fg
rhui-manager
g

Generating a new RHUI identity certificate will replace
the one currently stored at /etc/pki/rhui/identity.crt.  Proceed? [y/n]: y

Enter the number of days the RHUI identity certificate will be valid.
If the identity certificate ever expires, it will need to be
regenerated using rhui-manager [Default: 3650]:
................................................+++
..........+++
Enter pass phrase for /etc/pki/rhui/entitlement-ca-key.pem:
Successfully regenerated RHUI Identity certificate

------------------------------------------------------------------------------
rhui (identity) => ^Z
[1]+  Stopped                 rhui-manager
[root@dhcp-31-127 ~]# less .rhui/rhui.log
Command [openssl x509 -req -days 3650 -in /tmp/rhui-id-G3Qxs3/identity.csr -CA /etc/pki/rhui/entitlement-ca.crt -CAkey /etc/pki/rhui/entitlement-ca-key.pem -out /tmp/rhui-id-G3Qxs3/identity.crt -extfile /tmp/rhui-id-G3Qxs3/identity-extensions.txt -extensions rhui]
Certificate creation output

Signature ok
subject=/CN=Red Hat Update Infrastructure
Getting CA Private Key

Private key creation output
Exit Code: 0

writing RSA key

Command [openssl x509 -req -days 3650 -in /tmp/rhui-id-fyowPt/identity.csr -CA /etc/pki/rhui/entitlement-ca.crt -CAkey /etc/pki/rhui/entitlement-ca-key.pem -out /tmp/rhui-id-fyowPt/identity.crt -extfile /tmp/rhui-id-fyowPt/identity-extensions.txt -extensions rhui]
Certificate creation output

Signature ok
subject=/CN=Red Hat Update Infrastructure
Getting CA Private Key
unable to load CA Private Key

Exception attempting to update consumer bundle for repository [rhel-x86_64-6-rhui-2-rpms-6Server-x86_64]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')
Exception attempting to update consumer bundle for repository [rhel-6-rhui-server-rpms-6Server-i386]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')
Exception attempting to update consumer bundle for repository [rhel-6-rhui-server-rpms-6Server-x86_64]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')
Exception attempting to update consumer bundle for repository [rhel-5-server-rhui-rpms-5Server-i386]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')
Exception attempting to update consumer bundle for repository [rhel-5-server-rhui-rpms-5Server-x86_64]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')
Exception attempting to update consumer bundle for repository [c_1]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')
Exception attempting to update consumer bundle for repository [c_2]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 470, in update_consumer_bundle
    {'consumer_cert_data':consumer_bundle})
  File "/usr/lib/python2.6/site-packages/pulp/client/api/repository.py", line 81, in update
    return self.server.PUT(path, delta)[1]
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 326, in PUT
    return self._request('PUT', path, body=body)
  File "/usr/lib/python2.6/site-packages/pulp/client/api/server.py", line 287, in _request
    raise ServerRequestError(response.status, message, traceback)
ServerRequestError: (500, u'Exception: certificate must be specified', u'Traceback (most recent call last):\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 48, in report_error\n    return method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 127, in _auth_decorator\n    value = method(self, *args, **kwargs)\n  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 505, in PUT\n    repo = api.update(id, delta)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 724, in update\n    self._consolidate_bundle(value)\n  File "/usr/lib/python2.6/site-packages/pulp/server/api/repo.py", line 156, in _consolidate_bundle\n    raise Exception, \'certificate must be specified\'')

Comment 1 James Slagle 2012-04-09 19:13:44 UTC
Made change to fail identity certificate creation if there is an openssl error.
committed to cloude master: 3ec520f6be4ba8d8c1c4b9d74738315bd61fc533
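
Added example, not the RHUI change itself (the commit is not shown on this page): a Python sketch of a signing wrapper that fails on an openssl error, next to one that reports success regardless, which models the symptom in this report. The function names and `fake_openssl`, a constructed stand-in for the `openssl x509 -req` call, are hypothetical, and the stand-in's non-zero exit status for a key that cannot be loaded is an assumption about openssl's behaviour.

```python
import os
import subprocess
import sys
import tempfile


class CertGenerationError(Exception):
    """The signing command failed or produced no certificate."""


def sign_unchecked(argv):
    """Models the reported symptom: run the command, ignore its exit status."""
    subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    return True  # caller goes on to print "Successfully regenerated ..."


def sign_checked(argv, out_path):
    """Run the command; return the certificate bytes or raise with its output."""
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    output = proc.stdout.decode("utf-8", "replace").strip()
    if proc.returncode != 0:
        raise CertGenerationError("exit code %d: %s" % (proc.returncode, output))
    # A zero exit status with no usable output file is still a failure.
    if not os.path.isfile(out_path) or os.path.getsize(out_path) == 0:
        raise CertGenerationError("no certificate written to %s" % out_path)
    with open(out_path, "rb") as fh:
        return fh.read()


def fake_openssl(out_path, fail):
    """Constructed stand-in for the openssl call so the example runs offline."""
    if fail:
        # Assumption: openssl exits non-zero when it cannot load the CA key.
        script = ("import sys; print('Getting CA Private Key'); "
                  "print('unable to load CA Private Key'); sys.exit(1)")
    else:
        script = "open(%r, 'w').write('-----BEGIN CERTIFICATE-----\\n')" % out_path
    return [sys.executable, "-c", script]


def demo():
    out_path = os.path.join(tempfile.mkdtemp(), "identity.crt")
    results = {"unchecked_bad_pass": sign_unchecked(fake_openssl(out_path, True))}
    try:
        sign_checked(fake_openssl(out_path, True), out_path)
        results["checked_bad_pass"] = "success"
    except CertGenerationError as exc:
        results["checked_bad_pass"] = str(exc)
    results["checked_good_pass"] = sign_checked(fake_openssl(out_path, False), out_path)
    return results


if __name__ == "__main__":
    print(demo())
```

The second check in `sign_checked` covers the case visible in the log above, where later steps failed with "certificate must be specified" because no certificate had been produced.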

Comment 2 mkovacik 2012-04-17 12:33:37 UTC
Verified in RHEL-6.2-RHUI-2.0.3-20120416.0-Server-x86_64-DVD1.iso

Comment 3 mkovacik 2012-04-17 12:34:20 UTC
Created attachment 578022
Verifying log

Comment 4 James Slagle 2012-04-17 19:28:19 UTC
*** Bug 811624 has been marked as a duplicate of this bug. ***

Comment 5 Lana Brindley 2012-04-20 01:47:46 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
C: If openssl generated a password error, the error was not sent to RHUI Manager.
C: When creating a new identity certificate using RHUI Manager, the system reported that the certificate was created successfully, even if the password was entered incorrectly. 
F: Errors generated by openssl are now propagated through to RHUI Manager.
R: Identity certificate generation will fail if an incorrect password is entered.

Comment 6 Lana Brindley 2012-04-20 04:29:45 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,4 +1,7 @@
 C: If openssl generated a password error, the error was not sent to RHUI Manager.
 C: When creating a new identity certificate using RHUI Manager, the system reported that the certificate was created successfully, even if the password was entered incorrectly. 
 F: Errors generated by openssl are now propagated through to RHUI Manager.
-R: Identity certificate generation will fail if an incorrect password is entered.+R: Identity certificate generation will fail if an incorrect password is entered.
+
+Final:
+* If openssl generated a password error, the error was not sent to RHUI Manager. When creating a new identity certificate using RHUI Manager, the system reported that the certificate was created successfully, even if the password was entered incorrectly. Errors generated by openssl are now propagated through to RHUI Manager, and identity certificate generation will fail if an incorrect password is entered. (BZ#809064)
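
Review bot: In the added Final paragraph, "password" is never qualified, so the note does not say which credential is meant; this bug's summary names the CA private key file password, and the Final text should say so in both places it mentions a password. The removed and re-added R: lines are textually identical, so that pair looks like a whitespace-only change and adds nothing to the note.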

Comment 7 errata-xmlrpc 2012-05-01 18:37:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0539.html