Bug #18040

Certificates with OU= give an error when listing smart-proxy cert list.

Added by Stefan Goethals over 1 year ago. Updated 8 days ago.

Status:Closed
Priority:Normal
Assignee:Daniel Lobato Garcia
Category:PuppetCA
Target version:1.14.1
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link: Found in Releases:1.13.3
Pull request:https://github.com/theforeman/foreman/pull/4185

Description

When a certificate containing an OU (possibly any other field than CN) is signed. An error occurs when viewing cert list page.

Possibly, the id of the certificate is not parsed correctly and ends up containing a '/' character which is not allowed.

The certificate could be parsed in the manner puppet does it https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/ssl.rb#L44 to avoid this issue.

Foreman_cert_stack.txt Magnifier (20.7 KB) Stefan Goethals, 01/12/2017 04:04 AM


Related issues

Duplicated by Foreman - Bug #18240: foreman-proxy reports an error about the mcollective cert... Duplicate 01/25/2017

Associated revisions

Revision 73633f3d
Added by Daniel Lobato Garcia over 1 year ago

Fixes #18040 - URL escape PuppetCA CN on proxy view

If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.

The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.

Revision 3552acf4
Added by Daniel Lobato Garcia over 1 year ago

Fixes #18040 - URL escape PuppetCA CN on proxy view

If the CN contains characters that cannot be displayed in an URL, like
'mcollective/OL=mcollective', the puppetca list will not be able to
render.

The reason is that Rails cannot generate an URL for such CNs, so we need
to convert it into URL-friendly style.

(cherry picked from commit 73633f3db179f47a582b8ca2f31a9e430c10f4fb)

History

#1 Updated by Dominic Cleal over 1 year ago

  • Category set to PuppetCA

If you have the log of the error/stacktrace then it may help someone to fix the problem without trying to create a reproducer.

#3 Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4185 added

#4 Updated by Dominic Cleal over 1 year ago

  • Duplicated by Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name added

#5 Updated by Dominic Cleal over 1 year ago

  • Duplicated by deleted (Bug #18149: Puppet CA returns invalid certificates if using organizational units in the distinguished name)

#6 Updated by Daniel Lobato Garcia over 1 year ago

  • Target version set to 169

#7 Updated by Dominic Cleal over 1 year ago

  • Duplicated by Bug #18240: foreman-proxy reports an error about the mcollective certificate added

#8 Updated by Anonymous over 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#9 Updated by Dominic Cleal over 1 year ago

  • Legacy Backlogs Release (now unused) set to 210

#10 Updated by Brad Buckingham over 1 year ago

  • Target version deleted (169)

#11 Updated by Daniel Lobato Garcia over 1 year ago

  • Target version set to 1.11.0

Also available in: Atom PDF