Bug #27462: katello-certs-check (check-ca-bundle) doesn't catch openssl error correctly - Installer - Foreman

Actions

Copy link

Bug #27462

closed

katello-certs-check (check-ca-bundle) doesn't catch openssl error correctly

Added by Hao Yu over 5 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Helms

Category:

foreman-installer script

Target version:

Foreman - 2.3.0

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman-installer/pull/617, https://github.com/theforeman/foreman-installer/pull/376

Fixed in Releases:

Foreman - 2.3.0

Found in Releases:

Red Hat JIRA:

Description

Description of problem:
Openssl will return 0 exit code and "OK" message for some errors. For example:

openssl verify -CAfile /root/min_bundle.pem -purpose sslserver /root/sat_cert.pem
/root/sat_cert.pem: C = AU, O = My Org, OU = Web Servers, CN = satellite.example.com
error 26 at 0 depth lookup:unsupported certificate purpose
OK

echo $?
0

The "check-ca-bundle" function only catches the exit code but doesn't catch the error message. This causes the invalid ssl server certificate to pass the test.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Installer

Custom queries

Bug #27462

katello-certs-check (check-ca-bundle) doesn't catch openssl error correctly

Updated by The Foreman Bot over 5 years ago

Updated by Hao Yu over 5 years ago

Updated by The Foreman Bot about 4 years ago

Updated by The Foreman Bot about 4 years ago

Updated by Hao Yu about 4 years ago

Updated by Ewoud Kohl van Wijngaarden almost 4 years ago