Description of problem: The subscription-manager import function is intended for entitlement certs and in the past has recognized attempts to import a consumer cert and would properly catch the non-entitlement cert and report an error as expected. In today's build. the attempt to import a consumer cert appears to succeed when it should fail. This is a Regression from past releases. Version-Release number of selected component (if applicable): [root@jsefler-rhel59 ~]# rpm -q subscription-manager python-rhsm subscription-manager-1.0.11-1.git.3.b3c4a8b.el5 python-rhsm-1.0.4-1.git.6.19a55da.el5 How reproducible: Steps to Reproduce: [root@jsefler-rhel59 ~]# subscription-manager register --username testuser1 --password password --org admin The system has been registered with id: aa2cbac7-3b78-4ce5-848d-22cd84930ab8 [root@jsefler-rhel59 ~]# cat /etc/pki/consumer/cert.pem > /tmp/cert.pem && cat /etc/pki/consumer/key.pem >> /tmp/cert.pem [root@jsefler-rhel59 ~]# subscription-manager unregister System has been un-registered. [root@jsefler-rhel59 ~]# subscription-manager import --certificate /tmp/cert.pem Successfully imported certificate cert.pem ^^^^^^^^^^^^ DID NOT EXPECT THIS Successful RESULT. EXPECTED: cert.pem is not a valid certificate file. Please use a valid certificate. [root@jsefler-rhel59 ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ 'IdentityCertificate' object has no attribute 'order' ^^^^^^^^^^^^ THIS IS A WEIRD CONSEQUENCE OF NOT CATCHING THE ATTEMPT TO IMPORT A NON-ENTITLEMENT CERTIFICATE. Actual results: Successfully imported certificate cert.pem Expected results: cert.pem is not a valid certificate file. Please use a valid certificate. Additional info:
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Fixed in subscription-manager master: b0d030ee382aaeeb33d83ef6176c1843673653da Coming in: subscription-manager-1.0.12-1
Marking verified!! Verifying version: [root@dhcp201-115 ~]# rpm -qa | grep subscription-manager subscription-manager-migration-data-1.11.2.2-1.git.2.c3c8e22.el5 subscription-manager-1.0.11-1.git.18.251f393.el5 subscription-manager-gui-1.0.11-1.git.18.251f393.el5 subscription-manager-firstboot-1.0.11-1.git.18.251f393.el5 subscription-manager-migration-1.0.11-1.git.18.251f393.el5 [root@dhcp201-115 ~]# cat /etc/pki/consumer/cert.pem > /tmp/cert.pem && cat /etc/pki/consumer/key.pem >> /tmp/cert.pem [root@dhcp201-115 ~]# subscription-manager import --certificate /tmp/cert.pem cert.pem is not a valid certificate file. Please use a valid certificate. [root@dhcp201-115 ~]# subscription-manager list --consumed No consumed subscription pools to list
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0033.html