Bug 830679
Summary: | [Patch] Make rhui-manager allows valid RHUI entitlement certificates w/ extension other than ".pem" | ||
---|---|---|---|
Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Satoru SATOH <ssato> |
Component: | RHUA | Assignee: | John Matthews <jmatthew> |
Status: | CLOSED ERRATA | QA Contact: | mkovacik |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 2.1 | CC: | cbillett, jmatthew, kbidarka, melewis, mfuruta, sclewis, sghai, tsanders, vkuznets |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 2.1.3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
This update fixes the assumption that a certificate was invalid if the file name did not use the extension .pem. This resulted in valid certificates being marked as invalid. This has been changed so that an attempt is made with the certificate and it is only marked as invalid after it has failed. This means that a certificate with any extension can be used and the file name no longer needs to end in .pem.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-12-17 20:08:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Created attachment 590844 [details]
Surround X509.load_cert_string() w/ try ... except and replace try ... finally w/ with statement
Created attachment 590845 [details]
Surround X509.load_cert_string() w/ try ... except and replace try ... finally w/ with statement
Created attachment 590852 [details]
Ensure valid certificates contain entitlements copied w/ '.pem' extension is added and not skipped during certs reload
I tested _normalize_ext() as follows:
$ nosetests --verbose --with-doctest src/rhui/tools/cert_manager.py
moving to version 2.1.1 Supposed fix will just prevent silent dropping of the cert file --- the only files accepted will remain those *.pem Please hold off on committing this patch into RHUI. We are considering moving to the RHSM certificate.py implementation in RHUI 2.1.3. If we do move to that certificate implementation we can re-evaluate this BZ afterwards and see if work is needed to no longer require a .pem extension. RHEL-6.4-RHUI-2.1.3-20131118.1-Server-x86_64-DVD1.iso Verified with rh-rhui-tools-2.1.36-1.el6_5: 1) Valid cert with '.txt' extension upload succeeded 2) Invalid cert with '.pem' extension upload failed Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1854.html |
Created attachment 590843 [details] Make rhui.common.cert_utils.entitlements_in_cert catching X509.X509Error, etc. Description of problem: Current implementation of rhui-manager does not look allowing RHUI entitlement certificates w/ extensions other than ".pem" and such certificates are silently ignored and skipped. That is, the following will be an error even if given file is correct RHUI entitlement certificate: # rhui-manager cert upload --cert rhua-entitlement-cert.txt ^^^ IMHO, rhui-manager should allow files w/ any extensions and I made a series of patches implement this (not tested). Version-Release number of selected component (if applicable): rh-rhui-tools-2.0.64-1.el6_2