Bug #8512: don't put certificate metadata in PEM files - Katello - Foreman

Bug #8512

don't put certificate metadata in PEM files

Added by Adam Price over 4 years ago. Updated about 1 year ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Security

Target version:

Katello Backlog

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

Team Backlog:

Fixed in Releases:

Found in Releases:

Description

"The final conversion output shouldn’t contain anything apart from the encoded key and certificates. Although some tools are smart enough to ignore what isn’t needed, other tools are not. Leaving extra data in PEM files might result in problems that are difficult to troubleshoot." from OpenSSL Cookbook [1].

[1] https://www.feistyduck.com/books/openssl-cookbook/

History

#1 Updated by Alex Wood over 4 years ago

Affected certs can be found by searching for words like "Signature" or "Validity"

[root@katello-centos6-2 katello]# grep -r -l 'Signature' /etc/pki/katello/
/etc/pki/katello/certs/katello-apache.crt
/etc/pki/katello/certs/java-client.crt
/etc/pki/katello/certs/katello-centos6-2.0.example.com-qpid-broker.crt
/etc/pki/katello/certs/katello-default-ca.crt
/etc/pki/katello/qpid_client_striped.crt

#2 Updated by Eric Helms over 4 years ago

Legacy Backlogs Release (now unused) set to 23
Triaged changed from No to Yes

#3 Updated by Eric Helms over 4 years ago

Legacy Backlogs Release (now unused) deleted (23)

#4 Updated by Eric Helms over 3 years ago

Legacy Backlogs Release (now unused) set to 114

Also available in: Atom PDF

Project

General

Profile

Plugins » Katello

Issues

Custom queries