Red Hat Bugzilla – Bug 587753
subscription-manager shouldn't use an ssl peer cert on register
Last modified: 2013-01-10 05:06:11 EST
Description of problem:
1. deploy a standalone candlepin, and configure subscription manager to use it
2. run subscription-manager-cli register
(you now have /etc/pki/consumer/*.pem files)
3. redeploy your standalone candlepin, with FORCECERT=1
4. run subscription-manager-cli register --force
you'll get an ssl error.
sm sees that there's a peer cert, and loads it up for use, regardless of the command running. sm should not use the cert for a register command (just like initial registration). Alternatively, sm could detect a peer verify fail, and retry without the cert.
This will happen when switching from cert-fte to standalone, too.
Potential fix sent to prad/jortel.
THis is fixed with the new secure/insecure mode.
[root@client01-rhel6-beta2 src]# ./subscription-manager-cli register --username=testuser1 --pass=password
[root@client01-rhel6-beta2 src]# ./subscription-manager-cli register --username=testuser1 --pass=password --force
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.