Bug #18040
Certificates with OU= give an error when listing smart-proxy cert list.
Description
When a certificate containing an OU (possibly any other field than CN) is signed. An error occurs when viewing cert list page.
Possibly, the id of the certificate is not parsed correctly and ends up containing a '/' character which is not allowed.
The certificate could be parsed in the manner puppet does it https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/ssl.rb#L44 to avoid this issue.
Related issues
Associated revisions
Fixes #18040 - URL escape PuppetCA CN on proxy view
If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.
The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.
(cherry picked from commit 73633f3db179f47a582b8ca2f31a9e430c10f4fb)
History
#1
Updated by Dominic Cleal over 6 years ago
- Category set to PuppetCA
If you have the log of the error/stacktrace then it may help someone to fix the problem without trying to create a reproducer.
#2
Updated by Stefan Goethals over 6 years ago
- File Foreman_cert_stack.txt Foreman_cert_stack.txt added
#3
Updated by The Foreman Bot over 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Daniel Lobato Garcia
- Pull request https://github.com/theforeman/foreman/pull/4185 added
#4
Updated by Dominic Cleal over 6 years ago
- Has duplicate Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name added
#5
Updated by Dominic Cleal over 6 years ago
- Has duplicate deleted (Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name)
#6
Updated by Daniel Lobato Garcia over 6 years ago
- Target version set to 169
#7
Updated by Dominic Cleal over 6 years ago
- Has duplicate Bug #18240: foreman-proxy reports an error about the mcollective certificate added
#8
Updated by Anonymous over 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 73633f3db179f47a582b8ca2f31a9e430c10f4fb.
#9
Updated by Dominic Cleal over 6 years ago
- Legacy Backlogs Release (now unused) set to 210
#10
Updated by Brad Buckingham over 6 years ago
- Target version deleted (
169)
#11
Updated by Daniel Lobato Garcia over 6 years ago
- Target version set to 1.11.0
Fixes #18040 - URL escape PuppetCA CN on proxy view
If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.
The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.