Project

General

Profile

Bug #19391

Ca Cert Fetcher should check if downloaded cert has CA capabilities

Added by Martin Bacovsky about 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Hammer core
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:
In Kanboard:

Description

When the server is configured in a way that the cert does not contain the CA chain the Hammer cert fetcher downloads only the server cert that is not CA and it is not possible to use it fro verification. The CA cert fetcher should check if the cert that was downloaded is a CA and prevent storing it otherwise.

Associated revisions

Revision 6c184658 (diff)
Added by Martin Bacovsky about 3 years ago

Fixes #19391 - Prevent fetching of non-CA certificates

Each fetched certificate extensions are checked for presence CA:TRUE
or "Certificate Sign" key usage. Instructions for further steps are
provided for the negative cases.

History

#1 Updated by The Foreman Bot about 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/hammer-cli/pull/237 added

#2 Updated by Tomáš Strachota about 3 years ago

  • Legacy Backlogs Release (now unused) set to 256

#3 Updated by Martin Bacovsky about 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF