Project

General

Profile

Actions
Copy link

Bug #26458

closed

Smart Proxy lists valid certificates as expired

Added by Alex Fisher over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Alex Fisher
Category:
PuppetCA
Target version:
-
Difficulty:
trivial
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/smart-proxy/pull/644
Fixed in Releases:
Foreman - 1.22.0
Found in Releases:
Foreman - 1.22.0
Red Hat JIRA:

Description

The logic in the new puppetca http api implementation is wrong (when using puppetserver >= 6.3)

The new puppetserver API doesn't return whether a certificate has expired or not. It returns a state of `requested`, `signed` or `revoked` and (since puppetserver 6.3), `not_before` and `not_after`. Clients, (such as the smart-proxy), are required to work out whether a `signed` certificate is expired or not based on the `not_before` and `not_after` dates.

Foreman expects a certificate to be `valid`, `revoked`, or `pending`. The smart-proxy should return `valid` for `signed` certificates that haven't expired, and `revoked` for those that have. It is currently returning `revoked` for non-expired certificates and `valid` for those that have expired.

Actions
Copy link
 #1

Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/644 added
Actions
Copy link
 #2

Updated by Alex Fisher over 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #3

Updated by Tomer Brisker over 5 years ago

  • Fixed in Releases 1.22.0 added
Actions
Copy link

Also available in: Atom PDF