Feature #12272
closed
Support for multiple certificates in ca.crt for oVirt
Description
In app/models/compute_resources/foreman/model/ovirt.rb, the ca_cert_store() function stores the retrieved ca.crt in an OpenSSL::X509::Store object.
The problem is that OpenSSL::X509::Certificate.new(cert) only takes into account the last certificate in cert.
If cert contains more than one certificate (which is quite common on production systems these days), only the last certificate in the chain will be added to the store, and SSL verification in oVirt will not work.
This blocks Foreman usage with RHEV-M.
The code below fixed the issue for me, though I'm not a real Ruby programmer and am sure there's a better way to do this.
The main idea is that certificates should be split and added to the OpenSSL::X509::Store one by one.
def ca_cert_store cert
  return if cert.blank?
  s = OpenSSL::X509::Store.new
  splitcert = ""
  cert_arr = []
  # Accumulate lines until an END marker closes one PEM block
  cert.each_line do |line|
    splitcert += line
    if line =~ /-----END [^\-]+-----/
      cert_arr << splitcert
      splitcert = ""
    end
  end
  # Add each certificate from the bundle to the store individually
  cert_arr.each do |c|
    s.add_cert(OpenSSL::X509::Certificate.new(c))
  end
  s
end
I can send a pull request if the above approach is fine.
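The following is an added example, not part of the original report or Foreman's code: it builds a constructed root and intermediate CA, puts both in one PEM bundle, and compares a store filled from a single OpenSSL::X509::Certificate.new call on the bundle with a store filled by splitting the bundle first. The helper names (make_cert, split_certs, store_with, demo) and the certificate names are hypothetical.

```ruby
require 'openssl'

# Build one certificate for a constructed test PKI (self-signed when issuer is nil).
def make_cert(cn, key, issuer, issuer_key, ca:, serial:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  bc = OpenSSL::X509::ExtensionFactory.new
         .create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  cert.add_extension(bc)
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Every PEM certificate block in the bundle, parsed individually.
def split_certs(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Trust store containing exactly the given certificates.
def store_with(certs)
  store = OpenSSL::X509::Store.new
  certs.each { |c| store.add_cert(c) }
  store
end

def demo
  keys  = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert('Constructed Root CA', keys[0], nil, nil, ca: true, serial: 1)
  inter = make_cert('Constructed Intermediate CA', keys[1], root, keys[0], ca: true, serial: 2)
  leaf  = make_cert('engine.example.test', keys[2], inter, keys[1], ca: false, serial: 3)
  bundle = inter.to_pem + root.to_pem # constructed ca.crt holding two certificates
  single = store_with([OpenSSL::X509::Certificate.new(bundle)]) # one parse call on the bundle
  split  = store_with(split_certs(bundle))
  { certs_in_bundle: split_certs(bundle).size,
    single_parse_verifies: single.verify(leaf),
    split_verifies: split.verify(leaf) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The single-parse store holds one certificate, so the leaf's chain cannot be completed whichever of the two it is; the split store holds both and verification succeeds.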