Bug 462411 - certificate request wizard returns an error
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Configuration
7.1
All Other
high Severity high
Assigned To: Rich Megginson
Chandrasekar Kannan
Duplicates: 468123
Depends On:
Blocks: 249650 FDS1.2.0
Reported: 2008-09-15 20:37 EDT by Ulf Weltman
Modified: 2015-01-04 18:34 EST

Fixed In Version: 8.1
Doc Type: Bug Fix
Last Closed: 2009-04-29 19:06:27 EDT


Attachments
diffs - adminutil (5.75 KB, patch)
2008-12-02 18:26 EST, Rich Megginson
diffs - adminserver (1.15 KB, patch)
2008-12-02 18:26 EST, Rich Megginson

Description Ulf Weltman 2008-09-15 20:37:11 EDT
With 7.1SP7 it seems the CGI that processes certificate requests broke, at the end of the certificate request wizard it says "Unable to convert DN to certificate name."
Don't know if this only occurs on HP-UX.
Comment 2 Rich Megginson 2008-12-02 18:26:18 EST
Created attachment 325446
diffs - adminutil
Comment 3 Rich Megginson 2008-12-02 18:26:46 EST
Created attachment 325447
diffs - adminserver
Comment 4 Rich Megginson 2008-12-02 18:28:51 EST
Public Description:
With DS 1.1 (using adminutil 1.1.7) the CGI that processes certificate requests broke, at the end of the certificate request wizard it says "Unable to convert DN to certificate name."
Comment 5 Rich Megginson 2008-12-03 12:35:10 EST
Reviewed by: nkinder (Thanks!)
Fix Description: This was broken as part of the fix for the XSS issues. To fix that, in order to make sure we never displayed any string that contained unescaped HTML entities, we just go ahead and escape everything when we read the values from the CGI GET or POST arguments. For this particular bug, this meant the cert CGI was getting a DN like this: CN=&quot;ldap.example.com&quot; instead of CN="ldap.example.com". The solution is to add some functions to adminutil (stolen from dsgw) that can be used to escape/unescape HTML entities. We have to be careful never to display unescaped strings - in this particular case, the DN is never printed.
Platforms tested: RHEL5
Flag Day: yes - will require new adminutil, adminserver
Doc impact: no

RCS file: /cvs/dirsec/adminutil/include/libadminutil/admutil.h,v
+++ admutil.h	3 Dec 2008 17:31:26 -0000	1.10
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v
+++ form_post.c	3 Dec 2008 17:31:26 -0000	1.11
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
+++ security.c	3 Dec 2008 17:32:17 -0000	1.16
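
The failure and fix described in comment 5, shown as an added C example that is not the adminutil or adminserver code: a value escaped on input fails a DN check until it is unescaped for internal use, and is escaped again only when it is displayed. The names `html_escape`, `html_unescape` and `dn_cn_ok` are hypothetical, and the DN check is a simplified stand-in for the certificate CGI's DN conversion.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helpers for illustration; not the adminutil functions. */
static const struct { const char *ent; char ch; } ENTS[] = {
    {"&quot;", '"'}, {"&lt;", '<'}, {"&gt;", '>'}, {"&#39;", '\''}, {"&amp;", '&'}, {NULL, 0} };

/* Escape src for HTML output; returns 0 on success, -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        for (size_t i = 0; ENTS[i].ent; i++)
            if (ENTS[i].ch == *src) rep = ENTS[i].ent;
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) return -1;      /* keep room for the terminator */
        memcpy(dst + o, rep ? rep : src, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Decode entities in place in a single pass: "&amp;quot;" yields "&quot;", not a quote. */
void html_unescape(char *s) {
    char *w = s;
    while (*s) {
        size_t i, n = 0;
        for (i = 0; ENTS[i].ent; i++) {
            n = strlen(ENTS[i].ent);
            if (strncmp(s, ENTS[i].ent, n) == 0) break;
        }
        if (ENTS[i].ent) { *w++ = ENTS[i].ch; s += n; } else *w++ = *s++;
    }
    *w = '\0';
}

/* Simplified stand-in for the DN-to-certificate-name step: accepts only CN="value". */
int dn_cn_ok(const char *dn) {
    size_t n = strlen(dn);
    return n > 5 && strncmp(dn, "CN=\"", 4) == 0 && dn[n - 1] == '"';
}

int main(void) {
    char dn[64] = "CN=&quot;ldap.example.com&quot;", out[128]; /* constructed input */
    printf("as received: accepted=%d\n", dn_cn_ok(dn));
    html_unescape(dn);                       /* internal use only, never printed raw */
    if (html_escape(dn, out, sizeof out) != 0) return 1;
    printf("unescaped: accepted=%d, for display: %s\n", dn_cn_ok(dn), out);
    return 0;
}
```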
Comment 6 Jenny Galipeau 2009-02-27 10:27:28 EST
With DS 8.1 I can successfully complete a certificate request. Is this all that is needed to verify this bug?
Comment 7 Rich Megginson 2009-03-11 19:04:36 EDT
yes
Comment 8 Jenny Galipeau 2009-03-12 07:52:21 EDT
fix verified RHEL 5 DS 8.1
Comment 9 Jenny Galipeau 2009-03-16 09:28:14 EDT
*** Bug 468123 has been marked as a duplicate of this bug. ***
Comment 10 Chandrasekar Kannan 2009-04-29 19:06:27 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html
