Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1588944 - Cert validation for installation with external CA cert [rhel-7.5.z]
Cert validation for installation with external CA cert [rhel-7.5.z]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.6
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Endi Sukma Dewata
Asha Akkiangady
Marc Muehlfeld
: TestCaseProvided, ZStream
Depends On: 1588655
Blocks:
  Show dependency treegraph
 
Reported: 2018-06-08 03:28 EDT by Oneata Mircea Teodor
Modified: 2018-06-26 12:48 EDT (History)
4 users (show)

See Also:
Fixed In Version: pki-core-10.5.1-13.1.el7_5
Doc Type: Bug Fix
Doc Text:
The *pkispawn* utility now validates the path to external CA certificates during installation Previously, during the installation of Certificate System using an external certificate authority certificate, the *pkispawn* utility did not validate the path to the certificate. If the path was incorrect, the following error was logged in the CA's debug log: CertInfoProfile: Unable to populate certificate: Unable to get ca certificate: Unable to initialize, java.io.IOException: DerInput.getLength(): lengthTag=9, too big. With this update, *pkispawn* validates the path to the certificate. As a result, *pkispawn* now reports a meaningful error message.
Story Points: ---
Clone Of: 1588655
Environment:
Last Closed: 2018-06-26 12:47:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1979 None None None 2018-06-26 12:48 EDT

  None (edit)
Description Oneata Mircea Teodor 2018-06-08 03:28:24 EDT 
This bug has been copied from bug #1588655 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 2 Matthew Harmsen 2018-06-08 11:49:29 EDT 
Endi Sukma Dewata 2018-06-07 12:52:42 EDT

The fix is already available in 10.5 branch:
https://github.com/dogtagpki/pki/commit/313c701957bedfd59f7f6368d0c37d2928d1a4a1
Comment 5 Geetika Kapoor 2018-06-13 13:26:58 EDT 
Test Env:
=======


rpm -qa pki-*
pki-symkey-10.5.1-13.1.el7_5.x86_64
pki-core-debuginfo-10.5.1-13.1.el7_5.x86_64
pki-base-10.5.1-13.1.el7_5.noarch
pki-console-10.5.1-5.el7pki.noarch
pki-server-10.5.1-13.1.el7_5.noarch
pki-tps-10.5.1-12.el7pki.x86_64
pki-kra-10.5.1-13.1.el7_5.noarch
pki-tools-10.5.1-13.1.el7_5.x86_64
pki-tks-10.5.1-12.el7pki.noarch
pki-javadoc-10.5.1-13.1.el7_5.noarch
pki-base-java-10.5.1-13.1.el7_5.noarch
pki-usgov-dod-cacerts-0.0.6-4.el7.noarch
pki-ca-10.5.1-13.1.el7_5.noarch
pki-ocsp-10.5.1-12.el7pki.noarch


Test Steps:
==========

1. perform 2 step external CA installation procedure and make sure it works .
2. With any failures in csr, certificate (ca_signing or external certificate) correct error message is logged.
Comment 7 errata-xmlrpc 2018-06-26 12:47:59 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1979
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.