Actions
Bug #27462
closed
katello-certs-check (check-ca-bundle) doesn't catch openssl error correctly
Status:
Closed
Priority:
Normal
Assignee:
Category:
foreman-installer script
Target version:
Difficulty:
Triaged:
Yes
Description
Description of problem:
Openssl will return 0 exit code and "OK" message for some errors. For example:
- openssl verify -CAfile /root/min_bundle.pem -purpose sslserver /root/sat_cert.pem
/root/sat_cert.pem: C = AU, O = My Org, OU = Web Servers, CN = satellite.example.com
error 26 at 0 depth lookup:unsupported certificate purpose
OK
- echo $?
0
The "check-ca-bundle" function only catches the exit code but doesn't catch the error message. This causes the invalid ssl server certificate to pass the test.
Updated by The Foreman Bot almost 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-installer/pull/376 added
Updated by Hao Yu almost 5 years ago
This issue seems to only happen in older version of openssl, such as RHEL 7.6 with "openssl-1.0.2k". It doesn't happen in Fedora 27 with "openssl-1.1.0g".
Updated by The Foreman Bot over 3 years ago
- Assignee set to Eric Helms
- Pull request https://github.com/theforeman/foreman-installer/pull/617 added
Updated by Hao Yu over 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset installer|1c48582b5b4fe27183137dea9f870bdfa0dd5d63.
Updated by Ewoud Kohl van Wijngaarden over 3 years ago
- Target version set to 2.3.0
- Triaged changed from No to Yes
- Fixed in Releases 2.3.0 added
- Fixed in Releases deleted (
2.4.0)
Actions