Bug #18040

Certificates with OU= give an error when listing smart-proxy cert list.

Added by Stefan Goethals 4 months ago. Updated 3 months ago.

Status:Closed
Priority:Normal
Assigned To:Daniel Lobato Garcia
Category:PuppetCA
Target version:Team Daniel - Iteration 9
Difficulty: Bugzilla link:
Found in release:1.13.3 Pull request:https://github.com/theforeman/foreman/pull/4185
Story points-
Velocity based estimate-
Release1.14.1Release relationshipAuto

Description

When a certificate containing an OU (possibly any other field than CN) is signed. An error occurs when viewing cert list page.

Possibly, the id of the certificate is not parsed correctly and ends up containing a '/' character which is not allowed.

The certificate could be parsed in the manner puppet does it https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/ssl.rb#L44 to avoid this issue.

Foreman_cert_stack.txt Magnifier (20.7 KB) Stefan Goethals, 01/12/2017 04:04 AM


Related issues

Duplicated by Foreman - Bug #18240: foreman-proxy reports an error about the mcollective cert... Duplicate 01/25/2017

Associated revisions

Revision 73633f3d
Added by Daniel Lobato Garcia 4 months ago

Fixes #18040 - URL escape PuppetCA CN on proxy view

If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.

The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.

History

#1 Updated by Dominic Cleal 4 months ago

  • Category set to PuppetCA

If you have the log of the error/stacktrace then it may help someone to fix the problem without trying to create a reproducer.

#3 Updated by The Foreman Bot 4 months ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4185 added

#4 Updated by Dominic Cleal 4 months ago

  • Duplicated by Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name added

#5 Updated by Dominic Cleal 4 months ago

  • Duplicated by deleted (Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name)

#6 Updated by Daniel Lobato Garcia 4 months ago

  • Target version set to Team Brad - Iteration 11

#7 Updated by Dominic Cleal 4 months ago

  • Duplicated by Bug #18240: foreman-proxy reports an error about the mcollective certificate added

#8 Updated by Anonymous 4 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#9 Updated by Dominic Cleal 4 months ago

  • Release set to 1.14.1

#10 Updated by Brad Buckingham 3 months ago

  • Target version deleted (Team Brad - Iteration 11)

#11 Updated by Daniel Lobato Garcia 3 months ago

  • Target version set to Team Daniel - Iteration 9

Also available in: Atom PDF