Bug 1002472 - Client can auto-attach the subscriptions with disabled certv3 from SAM server candlepin.
Status: CLOSED WONTFIX
Product: Subscription Asset Manager
Classification: Red Hat
Component: candlepin
1.3
Unspecified Unspecified
unspecified Severity medium
Assigned To: Katello Bug Bin
SAM QE List
Reported: 2013-08-29 05:50 EDT by qianzhan
Modified: 2013-08-29 13:03 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-29 13:03:23 EDT
Type: Bug
Description qianzhan 2013-08-29 05:50:11 EDT
Description of problem:
Client can auto-attach the subscriptions with disabled certv3 from SAM server candlepin.

Version-Release number of selected component (if applicable):
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-cli-1.4.3-8.el6sat.noarch
katello-cli-common-1.4.3-8.el6sat.noarch
katello-common-1.4.3-9.el6sam_splice.noarch
katello-configure-1.4.4-3.el6sat.noarch
katello-glue-candlepin-1.4.3-9.el6sam_splice.noarch
katello-glue-elasticsearch-1.4.3-9.el6sam_splice.noarch
katello-headpin-1.4.3-9.el6sam_splice.noarch
katello-headpin-all-1.4.3-9.el6sam_splice.noarch
katello-selinux-1.4.4-2.el6sat.noarch
signo-katello-0.0.20-1.el6sat.noarch
candlepin-0.8.21-1.el6sam.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.8.21-1.el6sam.noarch
candlepin-tomcat6-0.8.21-1.el6sam.noarch
thumbslug-0.0.32-1.el6sam.noarch
thumbslug-selinux-0.0.32-1.el6sam.noarch
subscription-manager: 1.8.21-1.el5
python-rhsm: 1.8.17-1.el5

How reproducible:
always

Steps to Reproduce:
1. Disable certv3 support from SAM candlepin.
[root@samserv tmp]# cat /etc/candlepin/candlepin.conf | grep v3
candlepin.enable_cert_v3=false

2. Register client to candlepin with auto-attach option.
[root@dhcp-65-69 ~]# subscription-manager register --auto-attach
Username: admin
Password: 
The system has been registered with ID: 394ee413-4f88-43e8-85ad-a628261d7359 
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

3. Check the version of entitlement cert:
[root@dhcp-65-69 ~]# ls /etc/pki/entitlement/
1480191744767772808-key.pem  1480191744767772808.pem

[root@dhcp-65-69 ~]# rct cat-cert /etc/pki/entitlement/1480191744767772808.pem 

+-------------------------------------------+
	Entitlement Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/entitlement/1480191744767772808.pem
	Version: 3.2
	Serial: 1480191744767772808
	Start Date: 2013-06-04 04:00:00+00:00
	End Date: 2014-06-04 03:59:59+00:00
	Pool ID: 8ac28dc740b8b3d40140c8d67e9c0a9f

Subject:
	CN: 8ac28dc740cd94030140cdb5b9e9029b

4. Unregister, open subscription-manager-gui and register with auto-attach.
Registration and auto-attach are successful. Please see attachment 'Screenshot from 2013-08-29 17:36:53.png'

5. Check the version of entitlement cert:
[root@dhcp-65-69 ~]# ls /etc/pki/entitlement/
1825428854082496952-key.pem  1825428854082496952.pem
[root@dhcp-65-69 ~]# rct cat-cert /etc/pki/entitlement/1825428854082496952.pem 

+-------------------------------------------+
	Entitlement Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/entitlement/1825428854082496952.pem
	Version: 3.2
	Serial: 1825428854082496952
	Start Date: 2013-06-04 04:00:00+00:00
	End Date: 2014-06-04 03:59:59+00:00
	Pool ID: 8ac28dc740b8b3d40140c8d67edf0ac4

Subject:
	CN: 8ac28dc740cd94030140cdb9491402a7


Actual results:
As above.

Expected results:
Client could not auto-attach the subscriptions with disabled certv3 from SAM server candlepin.

Additional info:
Comment 1 qianzhan 2013-08-29 05:53:27 EDT
Created attachment 791663 [details]
'Screenshot from 2013-08-29 17:36:53.png'
Comment 2 Bryan Kearney 2013-08-29 13:03:23 EDT
This setting is now ignored since the assumption is that all candlepins which are out can handle the certificates correctly.
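
The manual check from the reproduction steps (compare `candlepin.enable_cert_v3` with the `Version` field printed by `rct cat-cert`) can be scripted as below. This is an added example, not part of the bug report or of Candlepin's or subscription-manager's code; the function names are hypothetical and the sample inputs are constructed from the outputs quoted in the report. Per Comment 2, servers that ignore the setting will report a mismatch by design.

```python
# Constructed sample inputs, trimmed from the outputs quoted in the report.
SAMPLE_CONF = "candlepin.enable_cert_v3=false\n"
SAMPLE_RCT = (
    "+-------------------------------------------+\n"
    "\tEntitlement Certificate\n"
    "+-------------------------------------------+\n"
    "\n"
    "Certificate:\n"
    "\tPath: /etc/pki/entitlement/1480191744767772808.pem\n"
    "\tVersion: 3.2\n"
    "\tStart Date: 2013-06-04 04:00:00+00:00\n"
    "Subject:\n"
    "\tCN: 8ac28dc740cd94030140cdb5b9e9029b\n"
)

def cert_v3_enabled(conf_text):
    """Return True/False for candlepin.enable_cert_v3, or None if unset."""
    value = None
    for line in conf_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and not key.startswith("#") and key.strip() == "candlepin.enable_cert_v3":
            value = val.strip().lower() == "true"  # assumption: last entry wins
    return value

def parse_rct(text):
    """Parse `rct cat-cert` output into {section: {field: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("+-"):
            continue  # blank lines and banner rules
        if not raw[0].isspace() and raw.rstrip().endswith(":"):
            current = sections.setdefault(raw.strip()[:-1], {})
        elif current is not None and ":" in raw:
            field, _, val = raw.strip().partition(":")  # split on first colon only
            current[field.strip()] = val.strip()
    return sections

def check(conf_text, rct_text):
    """Return (version, finding); finding is 'mismatch', 'ok' or 'no-version'."""
    version = parse_rct(rct_text).get("Certificate", {}).get("Version")
    if version is None or not version.split(".")[0].isdigit():
        return version, "no-version"
    major = int(version.split(".")[0])
    if cert_v3_enabled(conf_text) is False and major >= 3:
        return version, "mismatch"  # v3 cert issued although the setting is false
    return version, "ok"

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_RCT))
```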
