Bug 1629624 - router extended validation rejects EC private keys
Summary: router extended validation rejects EC private keys
Keywords:
Status: CLOSED DUPLICATE of bug 1723400
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.3.0
Assignee: Dan Mace
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-09-17 08:21 UTC by Borja Aranda
Modified: 2022-08-04 22:20 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-11 16:02:42 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Borja Aranda 2018-09-17 08:21:18 UTC 
Description of problem:
The router process rejects EC PRIVATE KEY with the format:

~~~
-----BEGIN EC PRIVATE KEY-----
           ...
-----END EC PRIVATE KEY-----
~~~

This is because this format is not contemplated in:
https://github.com/openshift/origin/blob/master/pkg/route/controller/routeapihelpers/validation.go#L80-L92

Version-Release number of selected component (if applicable):
All OCP versions

How reproducible:
Always

Steps to Reproduce:
1. Create a route with an EC PRIVATE KEY and cert in a router with extended validation enabled (it's enabled by default)
Comment 2 Dan Mace 2018-10-08 15:02:05 UTC 
Moving this out to 4.x; we're unable to commit to a change in 3.11.
Comment 3 Dan Mace 2019-10-11 16:02:42 UTC 
We ended up fixing this in 1723400 and didn't realize this bug precedes 1723400. Since we actually worked 1723400, I'm going to close this bug as a duplicate of the newer bug. I hope that makes sense!

*** This bug has been marked as a duplicate of bug 1723400 ***
Note You need to log in before you can comment on or make changes to this bug.