Description of problem: Client can auto-attach the subscriptions with disabled certv3 from SAM server candlepin. Version-Release number of selected component (if applicable): katello-candlepin-cert-key-pair-1.0-1.noarch katello-certs-tools-1.4.2-2.el6sat.noarch katello-cli-1.4.3-8.el6sat.noarch katello-cli-common-1.4.3-8.el6sat.noarch katello-common-1.4.3-9.el6sam_splice.noarch katello-configure-1.4.4-3.el6sat.noarch katello-glue-candlepin-1.4.3-9.el6sam_splice.noarch katello-glue-elasticsearch-1.4.3-9.el6sam_splice.noarch katello-headpin-1.4.3-9.el6sam_splice.noarch katello-headpin-all-1.4.3-9.el6sam_splice.noarch katello-selinux-1.4.4-2.el6sat.noarch signo-katello-0.0.20-1.el6sat.noarch candlepin-0.8.21-1.el6sam.noarch candlepin-scl-1-5.el6_4.noarch candlepin-scl-quartz-2.1.5-5.el6_4.noarch candlepin-scl-rhino-1.7R3-1.el6_4.noarch candlepin-scl-runtime-1-5.el6_4.noarch candlepin-selinux-0.8.21-1.el6sam.noarch candlepin-tomcat6-0.8.21-1.el6sam.noarch thumbslug-0.0.32-1.el6sam.noarch thumbslug-selinux-0.0.32-1.el6sam.noarch subscription-manager: 1.8.21-1.el5 python-rhsm: 1.8.17-1.el5 How reproducible: always Steps to Reproduce: 1. Disable certv3 support from SAM candlepin. [root@samserv tmp]# cat /etc/candlepin/candlepin.conf | grep v3 candlepin.enable_cert_v3=false 2. Register client to candlepin with auto-attach option. [root@dhcp-65-69 ~]# subscription-manager register --auto-attach Username: admin Password: The system has been registered with ID: 394ee413-4f88-43e8-85ad-a628261d7359 Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Subscribed 3. Check the version of entitlement cert: [root@dhcp-65-69 ~]# ls /etc/pki/entitlement/ 1480191744767772808-key.pem 1480191744767772808.pem [root@dhcp-65-69 ~]# rct cat-cert /etc/pki/entitlement/1480191744767772808.pem +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/1480191744767772808.pem Version: 3.2 Serial: 1480191744767772808 Start Date: 2013-06-04 04:00:00+00:00 End Date: 2014-06-04 03:59:59+00:00 Pool ID: 8ac28dc740b8b3d40140c8d67e9c0a9f Subject: CN: 8ac28dc740cd94030140cdb5b9e9029b 4. Unregister, Open subscription-manager-gui and register with auto-attach. Registration and auto-attach are successful. Please see attachment 'Screenshot from 2013-08-29 17:36:53.png' 5. Check the version of entitlement cert: [root@dhcp-65-69 ~]# ls /etc/pki/entitlement/ 1825428854082496952-key.pem 1825428854082496952.pem [root@dhcp-65-69 ~]# rct cat-cert /etc/pki/entitlement/1825428854082496952.pem +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/1825428854082496952.pem Version: 3.2 Serial: 1825428854082496952 Start Date: 2013-06-04 04:00:00+00:00 End Date: 2014-06-04 03:59:59+00:00 Pool ID: 8ac28dc740b8b3d40140c8d67edf0ac4 Subject: CN: 8ac28dc740cd94030140cdb9491402a7 Actual results: As above. Expected results: Client could not auto-attach the subscriptions with disabled certv3 from SAM server candlepin. Additional info:
Created attachment 791663 [details] 'Screenshot from 2013-08-29 17:36:53.png'
this setting is now ignored since the assumption is that all candlepins which are out can handle the certificates correctly.