RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2183547 - PrettyPrintCert does not properly translate AIA information into a readable format
Summary: PrettyPrintCert does not properly translate AIA information into a readable f...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.6
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: RHCS Maintainers
QA Contact: idm-cs-qe-bugs
URL:
Whiteboard:
Depends On:
Blocks: 2184930 2203136
TreeView+ depends on / blocked
 
Reported: 2023-03-31 15:08 UTC by Chris Zinda
Modified: 2023-05-11 10:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2184930 2203136 (view as bug list)
Environment:
Last Closed: 2023-05-11 10:05:28 UTC
Target Upstream Version:
Embargoed:
pm-rhel: mirror+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-153760 0 None None None 2023-03-31 15:09:24 UTC

Description Chris Zinda 2023-03-31 15:08:32 UTC 
Description of problem:
PrettyPrintCert on rhel7.* - rhel9.* does not properly translate the AIA information into a readable format.  OpenSSL and the pp tool both do this properly.



$ PrettyPrintCert test.cer 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0xE
            Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
            Issuer: CN=Certificate Authority, O=UsersysRedhat Domain
            Validity: 
                Not Before: Friday, March 7, 2008 at 6:47:46 PM Eastern Standard Time America/New_York
                Not  After: Wednesday, September 3, 2008 at 7:47:46 PM Eastern Daylight Time America/New_York
            Subject: CN=ipa-pki-demo.usersys.redhat.com, DC=redhat, DC=com
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (1024 bits) :
                        DA:4F:12:D5:83:3F:9A:A3:98:03:B0:C4:BF:F8:CB:47:
                        58:64:06:47:1C:49:C7:B1:47:FB:8F:98:1D:7B:A0:29:
                        49:0F:C9:2F:0B:84:49:62:C1:53:6E:AC:E1:42:8C:7D:
                        A5:93:BE:F3:78:80:1E:DC:1E:B4:7D:D1:E9:27:8A:D5:
                        3A:E1:1E:70:3D:88:CA:EA:8C:18:B7:74:B1:BE:02:66:
                        34:59:52:85:C0:8E:F6:7E:62:26:CB:70:0F:C8:3A:5E:
                        C6:E5:4E:00:CB:2A:56:BC:5C:69:C6:5C:E5:47:76:0A:
                        7C:AA:21:5D:C0:C7:15:52:90:38:C1:C5:F6:7C:DE:69
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:
                        BD:ED:61:2D
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
                        68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
                        65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
                        61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
                        63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key Encipherment 
                        Data Encipherment 
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no 
                    Extended Key Usage: 
                        1.3.6.1.5.5.7.3.1
        Signature: 
            Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
            Signature: 
                2F:D4:4F:A8:E0:43:26:A8:F6:31:11:CC:7B:D4:64:59:
                84:64:00:44:D2:56:BB:81:4F:51:3D:C6:6C:27:A9:32:
                97:3F:0E:DB:B6:EA:6D:72:E5:12:AA:E5:9E:2F:04:AF:
                43:52:80:B2:FD:04:D7:00:F2:88:60:42:4D:D2:31:1B:
                DB:32:08:A2:39:F9:F6:98:9E:C7:49:34:B1:C1:91:1C:
                B4:80:CE:64:CA:7D:18:02:27:DE:C9:C7:04:83:A1:19:
                64:06:C4:FB:96:41:81:FE:59:B7:31:63:F3:DD:19:BA:
                A1:E2:E5:F4:D6:D5:51:50:C5:8E:2E:5F:35:CA:25:B1:
                9F:B1:CD:55:5C:54:AD:EB:4D:D6:E5:AF:A9:45:F8:54:
                89:FD:05:8C:33:57:A4:DA:97:FD:17:EF:A9:59:E4:29:
                DA:EC:70:1C:75:D1:2C:AE:D0:19:EF:85:86:16:86:43:
                01:8A:AE:BD:61:C6:64:8D:90:03:2A:94:1F:8C:CD:5A:
                E6:BF:4D:79:D1:BC:CC:2B:6A:E3:E9:61:6C:D6:31:DD:
                8F:4C:F2:A5:21:8F:BD:DC:75:7F:76:AA:A0:CE:39:67:
                34:1B:03:3D:3C:F7:CA:F6:F2:7D:E7:5F:21:4E:0B:C7:
                65:A4:7A:22:39:EB:2B:40:89:BF:DD:C9:60:46:31:B8
        FingerPrint
            MD2:
                22:4E:8B:CC:9F:DA:45:FC:3D:F0:ED:AC:81:44:13:40
            MD5:
                E8:BB:81:05:EB:26:8A:6C:75:E6:3C:D5:63:96:55:6E
            SHA-1:
                A6:79:AF:63:ED:94:AD:0C:F2:0A:FE:8A:82:FB:F1:C4:
                8E:B5:2F:E8
            SHA-256:
                A8:93:5A:C8:FD:5F:0B:AF:A1:2C:92:A7:F5:F0:81:02:
                A2:70:40:E4:21:88:73:3D:66:4D:36:AA:8D:84:BB:CE
            SHA-512:
                06:28:29:38:EC:92:A9:10:C7:10:79:35:4F:4F:02:8B:
                9C:38:9D:30:B3:A0:15:2C:30:58:7D:13:7E:A4:9C:1E:
                F9:C5:34:2B:66:95:6E:F4:63:74:DB:ED:BD:EC:3F:2E:
                E0:85:B7:E6:81:C2:CC:8D:73:AD:1F:D7:FA:91:7A:B0


Version-Release number of selected component (if applicable):
pki-core all versions

How reproducible:
Very

Steps to Reproduce:
1. Install pki-tools
2. Run PrettyPrintCert against a certificate with AIA information


Actual results:
The Value field should be translated.  Below is from PrettyPrintCert

                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
                        68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
                        65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
                        61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
                        63:73:70


Below is from openssl

            X509v3 Authority Key Identifier: 
                1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
            Authority Information Access: 
                OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp

Expected results:

            X509v3 Authority Key Identifier: 
                1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
            Authority Information Access: 
                OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp


Additional info:
Note You need to log in before you can comment on or make changes to this bug.