Project

General

Profile

Bug #8512

don't put certificate metadata in PEM files

Added by Adam Price over 5 years ago. Updated 9 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

"The final conversion output shouldn’t contain anything apart from the encoded key and certificates. Although some tools are smart enough to ignore what isn’t needed, other tools are not. Leaving extra data in PEM files might result in problems that are difficult to troubleshoot." from OpenSSL Cookbook [1].

[1] https://www.feistyduck.com/books/openssl-cookbook/

History

#1 Updated by Alex Wood over 5 years ago

Affected certs can be found by searching for words like "Signature" or "Validity"

[root@katello-centos6-2 katello]# grep -r -l 'Signature' /etc/pki/katello/
/etc/pki/katello/certs/katello-apache.crt
/etc/pki/katello/certs/java-client.crt
/etc/pki/katello/certs/katello-centos6-2.0.example.com-qpid-broker.crt
/etc/pki/katello/certs/katello-default-ca.crt
/etc/pki/katello/qpid_client_striped.crt

#2 Updated by Eric Helms over 5 years ago

  • Legacy Backlogs Release (now unused) set to 23
  • Triaged changed from No to Yes

#3 Updated by Eric Helms over 5 years ago

  • Legacy Backlogs Release (now unused) deleted (23)

#4 Updated by Eric Helms over 4 years ago

  • Legacy Backlogs Release (now unused) set to 114

#5 Updated by John Mitsch 9 months ago

  • Status changed from New to Closed

Thanks for reporting this issue. This issue was created over 4 years ago and hasn't seen an update in 1 year. We are closing this in an effort to keep a realistic backlog. Please open up a new issue that includes a link to this issue if you feel this still needs to be addressed. We can then triage the new issue and reassess.

#6 Updated by Justin Sherrill 9 months ago

  • Target version deleted (Katello Backlog)

#7 Updated by Justin Sherrill 9 months ago

  • Status changed from Closed to Rejected

Also available in: Atom PDF