1538896 – [3.7] Invalid entries in namedCertificates when using openshift_master_named_certificates

Bug 1538896 - [3.7] Invalid entries in namedCertificates when using openshift_master_named_certificates

Summary: [3.7] Invalid entries in namedCertificates when using openshift_master_named_...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.7.1
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.7.z
Assignee:	Russell Teague
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-01-26 04:19 UTC by Russell Teague
Modified:	2018-04-05 09:36 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Alternative names in certificates were not being properly parsed. Consequence: Alternatives with 'email:' were being added as additional hostnames. Fix: Updated the logic to only add alternative names which begin with 'DNS:' Result: Proper parsing and updating of namedCertificates
Clone Of:	1502838
Environment:
Last Closed:	2018-04-05 09:36:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0636	0	None	None	None	2018-04-05 09:36:45 UTC

Comment 1 Russell Teague 2018-01-26 16:21:44 UTC

Proposed: https://github.com/openshift/openshift-ansible/pull/6890

Comment 2 Russell Teague 2018-01-29 13:11:03 UTC

Fixed in openshift-ansible-3.7.27-1

Comment 4 Johnny Liu 2018-01-30 08:56:03 UTC

Verified this bug with openshift-ansible-3.7.27-1.git.0.ae95fc3.el7.noarch, and PASS.

# cat /etc/origin/master/master-config.yaml
<--snip-->
  namedCertificates:
  - certFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.crt
    keyFile: /etc/origin/master/named_certificates/cloudbeta.rio.gov.br.key
    names:
    - cloudbeta.rio.gov.br
<--snip-->

Comment 8 errata-xmlrpc 2018-04-05 09:36:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636

Note You need to log in before you can comment on or make changes to this bug.