677428 – ipa cert-request: invalid principal name allowed

Bug 677428 - ipa cert-request: invalid principal name allowed

Summary: ipa cert-request: invalid principal name allowed

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-02-14 18:54 UTC by Yi Zhang
Modified:	2015-01-04 23:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:	freeipa-2.1.0-1.fc15
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-03-28 09:27:23 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Yi Zhang 2011-02-14 18:54:34 UTC

Description of problem:

This command success (and it should not)
-- note: principal name should not be "/FADN" format. it should be "serviceName/FQDN" format

[yi@works4me ipa-cert]$ ipa cert-request  ./autocert.1077.request.csr --request-type=pkcs10 --principal=/works4me.sjc.redhat.com --add
  Certificate: MIIDgjCCAmqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5TSkMuUkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDIxNDE4NDU1OFoXDTExMDgxMzE4NDU1OFowOzEXMBUGA1UEChMOU0pDLlJFREhBVC5DT00xIDAeBgNVBAMTF3dvcmtzNG1lLnNqYy5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEltxKKxTuCEP6JDCBb8Y163C58LVbANlqmsmhsaxTZkZKDncdtPGzFa4HHDuCC8zKJt2chRhMCx48n3yVxSq7L/D8bpR2Ypl+d5MeMrVTpHP1MjghpdcEOTXmYM72CS7uCfWEgx/APe2H+hw9mleBwrX0CO54Ti4azYqWP+5csq3ttx5rWYtQOB+7gDwmf9qjyBL91ziMH7dPk1XEfvonM4Njv9gyNAbMEX9h4WB/tGD+e/2jdTFWQnNgZtBV7wehS1TIN+Ocn0kaay2q5QakIrEISfyNkEeCgQUhduKbP7ZbY02SBOm9Qq76T64lHhxpe2nOiF3m+E88sSd327QwIDAQABo4GSMIGPMB8GA1UdIwQYMBaAFIfvs7dDyNGBz3XwFyLxS7BamhTgMEcGCCsGAQUFBwEBBDswOTA3BggrBgEFBQcwAYYraHR0cDovL3dvcmtzNG1lLnNqYy5yZWRoYXQuY29tOjkxODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAJckvZX7HBHWQXhXYU2JmKpNOb3O4LhbslD3L2eLxf263zV3HNJUrgqV5K4BxigPB0MakWWuINUbQyxUz+HZ7/pDzaRfIAClNvKJ2jPqwXhdx4JUcsgskcLe4QIZXX+o81tictEzLbVIIO1V2YuluFi8gZVDw+iGoTKbvFZZT8+MoBDe0DHQ3COwwLA5JSwjTUZLXuRC8LIcUM+b1aUZRp8ywHqRkAqnknICuHMhqhYSheOfLUo1qvsvr5F7crUk3JKRAFYITriKXz41mM3RfzjR2h1y5hih6Tet8PAXUpW+27zQqPBGWUdxWP+82uiCPKi/lH7+/EomG1quZYrkzuE=
  Subject: CN=works4me.sjc.redhat.com,O=SJC.REDHAT.COM
  Issuer: CN=Certificate Authority,O=SJC.REDHAT.COM
  Not Before: Mon Feb 14 18:45:58 2011 UTC
  Not After: Sat Aug 13 18:45:58 2011 UTC
  Fingerprint (MD5): fc:b1:3c:85:10:0a:be:9b:9f:a1:41:17:c7:32:b8:f9
  Fingerprint (SHA1): 3a:f5:43:ac:e8:8e:ab:26:d0:85:aa:3a:06:a9:50:be:ca:e4:10:a3
  Serial number: 43

Version-Release number of selected component (if applicable):freeipa-server-2.0-0.2011020119gitec59e61.fc14.i686


How reproducible: always

Comment 1 Rob Crittenden 2011-02-14 19:00:12 UTC

https://fedorahosted.org/freeipa/ticket/961

Comment 2 Rob Crittenden 2011-02-15 20:47:59 UTC

empty services are no longer allowed.

master: f558ffe294ef451c0105127a67b6c8609f1ea2c2

Note You need to log in before you can comment on or make changes to this bug.