Bug 1246494 - [PKI] enforce utf-8 subject for openssl
Summary: [PKI] enforce utf-8 subject for openssl
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-core
Version: 3.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.5.4
Assignee: Alon Bar-Lev
QA Contact: Jiri Belka
URL:
Whiteboard: infra
Depends On:
Blocks: 1245230
TreeView+ depends on / blocked
 
Reported: 2015-07-24 12:58 UTC by Alon Bar-Lev
Modified: 2016-02-10 19:30 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-03 13:54:20 UTC
oVirt Team: Infra
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1258370 1 None None None 2021-01-20 06:05:38 UTC
oVirt gerrit 43964 0 master MERGED pki: ca: enforce utf-8 subject Never
oVirt gerrit 43965 0 ovirt-engine-3.5 MERGED pki: ca: enforce utf-8 subject Never
oVirt gerrit 44750 0 ovirt-engine-3.5.4 MERGED pki: ca: enforce utf-8 subject Never

Internal Links: 1258370

Description Alon Bar-Lev 2015-07-24 12:58:59 UTC 
Yet another legacy issue. By default openssl ca use ANSI and not UTF-8 to encode subject name.

The result is UTF8STRING in both cases, but the actual character encoding differs.
Comment 1 Alon Bar-Lev 2015-08-12 10:25:46 UTC 
if we can, this is trivial and truly important for 3.5.4.
Comment 2 Moran Goldboim 2015-08-13 13:56:09 UTC 
fix introduced a bit late for 3.5.4, in case we respin we'll take it in.
Comment 3 Jiri Belka 2015-08-24 10:05:01 UTC 
ok, rhevm-backend-3.5.4.2-1.3.el6ev.noarch

# grep utf /usr/share/ovirt-engine/bin/pki-*.sh
/usr/share/ovirt-engine/bin/pki-create-ca.sh:                   -utf8 \
/usr/share/ovirt-engine/bin/pki-enroll-request.sh:              -utf8 \
Comment 4 Sandro Bonazzola 2015-09-03 13:54:20 UTC 
This is an automated message.
oVirt 3.5.4 has been released on September 3rd 2015 and should include the fix for this BZ. Moving to closed current release.
Note You need to log in before you can comment on or make changes to this bug.