Project

General

Profile

Bug #18040

Certificates with OU= give an error when listing smart-proxy cert list.

Added by Stefan Goethals over 6 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Category:
PuppetCA
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

When a certificate containing an OU (possibly any other field than CN) is signed. An error occurs when viewing cert list page.

Possibly, the id of the certificate is not parsed correctly and ends up containing a '/' character which is not allowed.

The certificate could be parsed in the manner puppet does it https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/ssl.rb#L44 to avoid this issue.

Foreman_cert_stack.txt Foreman_cert_stack.txt 20.7 KB Stefan Goethals, 01/12/2017 04:04 AM

Related issues

Has duplicate Foreman - Bug #18240: foreman-proxy reports an error about the mcollective certificateDuplicate2017-01-25

Associated revisions

Revision 73633f3d (diff)
Added by Daniel Lobato Garcia over 6 years ago

Fixes #18040 - URL escape PuppetCA CN on proxy view

If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.

The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.

Revision 3552acf4 (diff)
Added by Daniel Lobato Garcia over 6 years ago

Fixes #18040 - URL escape PuppetCA CN on proxy view

If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.

The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.

(cherry picked from commit 73633f3db179f47a582b8ca2f31a9e430c10f4fb)

History

#1 Updated by Dominic Cleal over 6 years ago

  • Category set to PuppetCA

If you have the log of the error/stacktrace then it may help someone to fix the problem without trying to create a reproducer.

#3 Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4185 added

#4 Updated by Dominic Cleal over 6 years ago

  • Has duplicate Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name added

#5 Updated by Dominic Cleal over 6 years ago

  • Has duplicate deleted (Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name)

#6 Updated by Daniel Lobato Garcia over 6 years ago

  • Target version set to 169

#7 Updated by Dominic Cleal over 6 years ago

  • Has duplicate Bug #18240: foreman-proxy reports an error about the mcollective certificate added

#8 Updated by Anonymous over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#9 Updated by Dominic Cleal over 6 years ago

  • Legacy Backlogs Release (now unused) set to 210

#10 Updated by Brad Buckingham over 6 years ago

  • Target version deleted (169)

#11 Updated by Daniel Lobato Garcia over 6 years ago

  • Target version set to 1.11.0

Also available in: Atom PDF