This update fixes the assumption that a certificate was invalid if the file name did not use the extension .pem. This resulted in valid certificates being marked as invalid. This has been changed so that an attempt is made with the certificate and it is only marked as invalid after it has failed. This means that a certificate with any extension can be used and the file name no longer needs to end in .pem.
Created attachment 590843[details]
Make rhui.common.cert_utils.entitlements_in_cert catching X509.X509Error, etc.
Description of problem:
Current implementation of rhui-manager does not look allowing RHUI
entitlement certificates w/ extensions other than ".pem" and such
certificates are silently ignored and skipped.
That is, the following will be an error even if given file is correct
RHUI entitlement certificate:
# rhui-manager cert upload --cert rhua-entitlement-cert.txt
^^^
IMHO, rhui-manager should allow files w/ any extensions and
I made a series of patches implement this (not tested).
Version-Release number of selected component (if applicable):
rh-rhui-tools-2.0.64-1.el6_2
Created attachment 590852[details]
Ensure valid certificates contain entitlements copied w/ '.pem' extension is added and not skipped during certs reload
I tested _normalize_ext() as follows:
$ nosetests --verbose --with-doctest src/rhui/tools/cert_manager.py
Please hold off on committing this patch into RHUI.
We are considering moving to the RHSM certificate.py implementation in RHUI 2.1.3. If we do move to that certificate implementation we can re-evaluate this BZ afterwards and see if work is needed to no longer require a .pem extension.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHBA-2013-1854.html
Created attachment 590843 [details] Make rhui.common.cert_utils.entitlements_in_cert catching X509.X509Error, etc. Description of problem: Current implementation of rhui-manager does not look allowing RHUI entitlement certificates w/ extensions other than ".pem" and such certificates are silently ignored and skipped. That is, the following will be an error even if given file is correct RHUI entitlement certificate: # rhui-manager cert upload --cert rhua-entitlement-cert.txt ^^^ IMHO, rhui-manager should allow files w/ any extensions and I made a series of patches implement this (not tested). Version-Release number of selected component (if applicable): rh-rhui-tools-2.0.64-1.el6_2