Bug 980859
Summary: | can't handle passwords with & | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Anthony Green <green> |
Component: | crypto-utils | Assignee: | Joe Orton <jorton> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | emaldona, jorton, rrf5000 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | crypto-utils-2.4.1-47.fc20 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-02-13 23:29:17 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Anthony Green
2013-07-03 11:26:06 UTC
Version-Release number of selected component (if applicable): crypto-utils-2.4.1-24.2.el6.x86_64 I had a similar problem on RHEL 6.4 x86_64 where a passphrase with spaces would be accepted by genkey, but then cause failure where the same passphrase could not be used to decrypt the key. Running genkey with "genkey --test" or directly calling /usr/bin/keyutil does not provide an error message when providing a passphrase containing spaces. Running genkey without the "--test" flag does provide an error message, but about certificate creation failure, not about the passphrase. It seems that genkey passes the passphrase to /usr/bin/keyutil unquoted. Surrounding the passphrase in quotes in the call to /usr/bin/keyutil seems to solve the problem. Fails: /usr/bin/keyutil -c genreq -g 512 -s "CN=test, OU=testou, O=testo, L=testl, ST=testst, C=US" -v 24 -a -o /etc/pki/tls/certs/two.words.0.csr -k /etc/pki/tls/private/two.words.key -e two words Works: /usr/bin/keyutil -c genreq -g 512 -s "CN=test, OU=testou, O=testo, L=testl, ST=testst, C=US" -v 24 -a -o /etc/pki/tls/certs/two.words.0.csr -k /etc/pki/tls/private/two.words.key -e "two words" I have a more detailed write-up of tests if it is needed. If necessary, I can also file this as a separate bug, but it seemed that the original description here about non-escaped passphrase characters and the problem I encountered were similar enough to merit mentioning here first. Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=3c5bc63a88f5d1ff334cf3509a6613a7b58eaf2c Package: crypto-utils-2.4.1-47.fc21 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=494035 Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=3c5bc63a88f5d1ff334cf3509a6613a7b58eaf2c Package: crypto-utils-2.4.1-47.fc20 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=494042 crypto-utils-2.4.1-48.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/FEDORA-2014-1362/crypto-utils-2.4.1-48.fc20 crypto-utils-2.4.1-48.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/crypto-utils-2.4.1-48.fc19 crypto-utils-2.4.1-48.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. crypto-utils-2.4.1-48.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. Fixed in updates. |