Bug 462411 - certificate request wizard returns an error
Summary: certificate request wizard returns an error
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Configuration
Version: 7.1
Hardware: All
OS: Other
high
high
Target Milestone: ---
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
: 468123 (view as bug list)
Depends On:
Blocks: 249650 FDS1.2.0
TreeView+ depends on / blocked
 
Reported: 2008-09-16 00:37 UTC by Ulf Weltman
Modified: 2018-10-20 02:58 UTC (History)
6 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-29 23:06:27 UTC
Target Upstream Version:


Attachments (Terms of Use)
diffs - adminutil (5.75 KB, patch)
2008-12-02 23:26 UTC, Rich Megginson
no flags Details | Diff
diffs - adminserver (1.15 KB, patch)
2008-12-02 23:26 UTC, Rich Megginson
no flags Details | Diff

Description Ulf Weltman 2008-09-16 00:37:11 UTC
With 7.1SP7 it seems the CGI that processes certificate requests broke, at the end of the certificate request wizard it says "Unable to convert DN to certificate name."
Don't know if this only occurs on HP-UX.

Comment 2 Rich Megginson 2008-12-02 23:26:18 UTC
Created attachment 325446 [details]
diffs - adminutil

Comment 3 Rich Megginson 2008-12-02 23:26:46 UTC
Created attachment 325447 [details]
diffs - adminserver

Comment 4 Rich Megginson 2008-12-02 23:28:51 UTC
Public Description:
With DS 1.1 (using adminutil 1.1.7) the CGI that processes certificate requests broke, at the end of the certificate request wizard it says "Unable to convert DN to certificate name."

Comment 5 Rich Megginson 2008-12-03 17:35:10 UTC
Reviewed by: nkinder (Thanks!)
Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments.   For this particular bug, this meant the cert CGI was getting a DN like this: CN="ldap.example.com" instead of CN="ldap.example.com".  The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities.  We have to be careful never to display unescaped strings - in this particular case, the DN is never printed.
Platforms tested: RHEL5
Flag Day: yes - will require new adminutil, adminserver
Doc impact: no

RCS file: /cvs/dirsec/adminutil/include/libadminutil/admutil.h,v
+++ admutil.h	3 Dec 2008 17:31:26 -0000	1.10
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v
+++ form_post.c	3 Dec 2008 17:31:26 -0000	1.11
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
+++ security.c	3 Dec 2008 17:32:17 -0000	1.16

Comment 6 Jenny Severance 2009-02-27 15:27:28 UTC
With DS 8.1 am can successfully complete a certificate request- Is this all that is needed to verify this bug?

Comment 7 Rich Megginson 2009-03-11 23:04:36 UTC
yes

Comment 8 Jenny Severance 2009-03-12 11:52:21 UTC
fix verified RHEL 5 DS 8.1

Comment 9 Jenny Severance 2009-03-16 13:28:14 UTC
*** Bug 468123 has been marked as a duplicate of this bug. ***

Comment 10 Chandrasekar Kannan 2009-04-29 23:06:27 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html


Note You need to log in before you can comment on or make changes to this bug.