Red Hat Bugzilla – Bug 462411
certificate request wizard returns an error
Last modified: 2015-01-04 18:34:06 EST
With 7.1SP7 it seems the CGI that processes certificate requests broke, at the end of the certificate request wizard it says "Unable to convert DN to certificate name."
Don't know if this only occurs on HP-UX.
Created attachment 325446 [details]
diffs - adminutil
Created attachment 325447 [details]
diffs - adminserver
With DS 1.1 (using adminutil 1.1.7) the CGI that processes certificate requests broke, at the end of the certificate request wizard it says "Unable to convert DN to certificate name."
Reviewed by: nkinder (Thanks!)
Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments. For this particular bug, this meant the cert CGI was getting a DN like this: CN="ldap.example.com" instead of CN="ldap.example.com". The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities. We have to be careful never to display unescaped strings - in this particular case, the DN is never printed.
Platforms tested: RHEL5
Flag Day: yes - will require new adminutil, adminserver
Doc impact: no
RCS file: /cvs/dirsec/adminutil/include/libadminutil/admutil.h,v
+++ admutil.h 3 Dec 2008 17:31:26 -0000 1.10
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v
+++ form_post.c 3 Dec 2008 17:31:26 -0000 1.11
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
+++ security.c 3 Dec 2008 17:32:17 -0000 1.16
With DS 8.1 am can successfully complete a certificate request- Is this all that is needed to verify this bug?
fix verified RHEL 5 DS 8.1
*** Bug 468123 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.