Bug 471928 - Tui should be able to choose cert automatically depending on hosted or satellite
Tui should be able to choose cert automatically depending on hosted or satellite
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rhn-client-tools (Show other bugs)
5.3
All Linux
low Severity low
: rc
: ---
Assigned To: Pradeep Kilambi
Garik Khachikyan
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-17 13:24 EST by Sayli Karmarkar
Modified: 2015-01-04 16:56 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 07:21:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sayli Karmarkar 2008-11-17 13:24:02 EST
Description of problem:
Goal is that the registration TUI will be smart enough to attempt to chose a
sslCert based on registering to RHN Hosted or a Satellite.  

For the Hosted case it should use /usr/share/rhn/RHNS-CA-CERT for the satellite case it should use /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT.  Note in the satellite case, the file RHN-ORG-TRUSTED-SSL-CERT may not exist, this is a best effort attempt, if the file doesn't exist then it should follow the normal method of prompting for a cert to use.

Version-Release number of selected component (if applicable):
rhn-client-tools-0.4.19-10.el5

Steps to Reproduce:
In config file -
1. Set serverUrl to hosted or satellite.
2. Set SSLCert to a file which doesn't exist.
3. rhn_register --nox
  
Actual results:
Fatal Error window: saying
 ERROR: can not find RHNS CA file:
 /usr/share/rhn/RHNS-CA-CERT.11.yrt
 
 Please verify the value of sslCACert
 in /etc/sysconfig/rhn/up2date
 

Expected results:
  if RHNS-CA-CERT exists in case of hosted or RHN-ORG-TRUSTED-SSL-CERT exists in  case of satellite and its valid, it should be able to change config file and be able to register with these default certs.
Comment 1 Sayli Karmarkar 2008-11-17 13:29:41 EST
Fix for bz: 442923 takes care of gui. Similar fix needs to be added for tui over here.
Comment 4 James Bowes 2009-06-04 12:59:36 EDT
commit 68bf294229... for this bug will overwrite any existing value you may have in the config upon running rhn_register, so if you've set it by hand in the file you're out of luck, or even if you want to use the file's default, when the code thinks you should use a different value, you're out of luck. This has been giving us problems when testing against internal environments.
Comment 8 Garik Khachikyan 2009-07-27 04:14:51 EDT
# FAILS QA

For the hosted case, when the URL in up2date config file can not be found it is not defaulting to the /usr/share/rhn/RHNS-CA-CERT file but instead gives an error:
---
ERROR: can not find RHNS CA file:
/usr/share/rhn/RHNS-CA-CERT.111

Please verify the value of sslCACert
in /etc/sysconfig/rhn/up2date
---
Comment 9 Garik Khachikyan 2009-07-27 04:16:06 EDT
Packages are:
rhn-client-tools-0.4.20-8.el5
rhn-setup-0.4.20-8.el5
Comment 11 Garik Khachikyan 2009-07-27 11:39:50 EDT
# VERIFIED

Sorry for misunderstanding the implemented solution, which is:
When the "sslCAcert=", i.e. is left empty, missing... then it fills with either RHNS-CA-CERT or RHN-ORG-TRUSTED-SSL-CERT (hosted or satellite).

It's working fine with the implementation:
1. Checked with empty value for hosted: fills properly with its default value after rhn_register TUI
2. Checked with empty value for satellite: fills properly with its default value after rhn_register TUI

Checked with: RHEL5.4-Client-20090715.0 (i386, x86_64);
RHEL5.4-Server-20090715.0 (i386, x86_64, ia64, s390x)
Package: yum-3.2.22-20.el5.noarch
Comment 13 errata-xmlrpc 2009-09-02 07:21:46 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1354.html

Note You need to log in before you can comment on or make changes to this bug.