First Last Prev Next    This bug is not in your last search results.
Bug 587753 - subscription-manager shouldn't use an ssl peer cert on register
subscription-manager shouldn't use an ssl peer cert on register
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager (Show other bugs)
6.1
All Linux
low Severity medium
: alpha
: ---
Assigned To: Pradeep Kilambi
Brock Organ
:
Depends On:
Blocks: 568421
  Show dependency treegraph
 
Reported: 2010-04-30 15:19 EDT by James Bowes
Modified: 2013-01-10 05:06 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 09:36:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2011:0611 normal SHIPPED_LIVE new package: subscription-manager 2011-05-18 13:56:21 EDT

  None (edit)
Description James Bowes 2010-04-30 15:19:37 EDT 
Description of problem:

1. deploy a standalone candlepin, and configure subscription manager to use it
2. run subscription-manager-cli register
   (you now have /etc/pki/consumer/*.pem files)
3. redeploy your standalone candlepin, with FORCECERT=1
4. run subscription-manager-cli register --force
   you'll get an ssl error.

sm sees that there's a peer cert, and loads it up for use, regardless of the command running. sm should not use the cert for a register command (just like initial registration). Alternatively, sm could detect a peer verify fail, and retry without the cert.


This will happen when switching from cert-fte to standalone, too.
Comment 1 Adrian Likins 2010-07-12 15:28:37 EDT 
Potential fix sent to prad/jortel.
Comment 2 Bryan Kearney 2010-08-03 16:49:41 EDT 
THis is fixed with the new secure/insecure mode.
Comment 5 wes hayutin 2010-08-09 18:30:23 EDT 
[root@client01-rhel6-beta2 src]# ./subscription-manager-cli register --username=testuser1 --pass=password
506d9744-cf00-4717-830e-1be2193f1733 testuser1

Redeploy

[root@client01-rhel6-beta2 src]# ./subscription-manager-cli register --username=testuser1 --pass=password --force
0c1a5575-bdea-442d-8333-3241886d7ce4 testuser1
[root@client01-rhel6-beta2 src]# 

verified
Comment 6 errata-xmlrpc 2011-05-19 09:36:44 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0611.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.