Fixes #28714 - Limit the certificate end date to late 2049 #8507

Closed
@hao-yu hao-yu commented Jan 10, 2020

Subscription-manager (python-rhsm) can't correctly read a certificate
with an end date beyond the year 2049. It will read the date
as the year 1949, which causes the pool of the custom products to be
inaccessible.

@theforeman-bot

Can one of the admins verify this patch?

@theforeman-bot

Issues: #28714

@evgeni
Member

evgeni commented Jan 10, 2020

ok to test

@evgeni
Member

evgeni commented Jan 10, 2020

This fails test_scenarios – Scenarios::RepositoryCreateTest because the VCR tape doesn't match anymore :(

# End it 100 years from now
end_date ||= start_date + 10_950.days

# Subscription-manager (python-rhsm) can't read the certificate with end date deyond
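
Review bot: the comment `# End it 100 years from now` above `end_date ||= start_date + 10_950.days` no longer matches the value, since 10,950 days is 30 × 365 days, about 30 years. The offset is also relative to `start_date`, so the resulting end date moves later with every later start date and is not held at late 2049 as the title says. Consider capping the default against a fixed date before 2050 and rewording the comment to state that limit.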
Member
Suggested change
# Subscription-manager (python-rhsm) can't read the certificate with end date deyond
# Subscription-manager (python-rhsm) can't read the certificate with end date beyond


# Subscription-manager (python-rhsm) can't read the certificate with end date deyond
# 2049 year correctly. Refer the links below for more details:
# https://bugzilla.redhat.com/show_bug.cgi?id=1789654
Member
Most of the comments are private, such as linking to RFC 5280 that states:

> CAs conforming to this profile MUST always encode certificate validity dates through the year 2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as GeneralizedTime.

Member
I can make that comment not-private
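
The RFC 5280 rule quoted in this thread, as an added Ruby example (not code from this pull request, Katello, Candlepin or python-rhsm): it picks UTCTime or GeneralizedTime for a validity date and shows how a 2050 date written with a two-digit year reads back a century early. The function names, the `faulty_encode` writer and the sample dates are constructed for illustration.

```ruby
# RFC 5280 validity-time rule in plain Ruby (added example, standard library only).
UTC_TIME_YEARS = (1950..2049).freeze

# Writer side: choose the ASN.1 time type RFC 5280 requires for a validity date.
def encode_validity_time(time)
  utc = time.getutc
  if UTC_TIME_YEARS.cover?(utc.year)
    [:utc_time, utc.strftime('%y%m%d%H%M%SZ')]          # two-digit year
  else
    [:generalized_time, utc.strftime('%Y%m%d%H%M%SZ')]  # four-digit year
  end
end

# Reader side: UTCTime years use the RFC 5280 pivot (YY >= 50 is 19YY,
# YY < 50 is 20YY); GeneralizedTime carries the full year.
def decode_validity_time(type, text)
  digits = { utc_time: 2, generalized_time: 4 }.fetch(type)
  m = /\A(\d{#{digits}})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\z/.match(text)
  raise ArgumentError, "malformed #{type}: #{text.inspect}" unless m
  year = m[1].to_i
  year += (year >= 50 ? 1900 : 2000) if type == :utc_time
  Time.utc(year, *m[2..6].map(&:to_i))
end

# Hypothetical faulty writer: emits a two-digit year for every date.
def faulty_encode(time)
  [:utc_time, time.getutc.strftime('%y%m%d%H%M%SZ')]
end

# Consumer check: notAfter at or before notBefore is the visible symptom of a
# 2050+ date that lost its century on the way.
def validity_window_sane?(not_before, not_after)
  not_after > not_before
end

# Constructed sample dates, not taken from any real certificate.
NOT_BEFORE = Time.utc(2020, 1, 10)
LATE_2049  = Time.utc(2049, 12, 1)
YEAR_2050  = Time.utc(2050, 6, 1)

[LATE_2049, YEAR_2050].each do |t|
  type, text = encode_validity_time(t)
  puts "#{t.year}: #{type} #{text}"
end
misread = decode_validity_time(*faulty_encode(YEAR_2050))
puts "2050 forced into UTCTime reads back as #{misread.year}"
puts "window sane? #{validity_window_sane?(NOT_BEFORE, misread)}"
```
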

# 2049 year correctly. Refer the links below for more details:
# https://bugzilla.redhat.com/show_bug.cgi?id=1789654
# https://github.com/candlepin/candlepin/blob/5b87865f304555c112982af4fbc83a1c463d37b2
# /server/src/main/java/org/candlepin/model/UeberCertificateGenerator.java#L247
Member
Not sure how useful it is to split a URL over multiple lines

@jlsherrill
Member

@hao-yu thank you for your fix! I've recorded the cassettes and included your fix as part of #8508 with your commit. I've also addressed a few of @ekohl's comments there. Closing this in favor of that.

@jlsherrill jlsherrill closed this Jan 10, 2020