CMC: cmc.popLinkWitnessRequired=false would cause error #2795

Closed
pki-bot opened this issue Oct 3, 2020 · 15 comments
Comments

pki-bot commented Oct 3, 2020

This issue was migrated from Pagure Issue #2675. Originally filed by mharmsen (@mharmsen) on 2017-05-04 00:42:52:


There appears to be a bug in parseCMC() where, if
cmc.popLinkWitnessRequired=false in CS.cfg (which happens to be the default), an
error would occur.

The workaround is to set cmc.popLinkWitnessRequired=true until a fix is available.

@pki-bot pki-bot added this to the 10.4.9 milestone Oct 3, 2020

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-05-04 00:43:58

Metadata Update from @mharmsen:

  • Custom field component adjusted to General
  • Custom field feature adjusted to ''
  • Custom field origin adjusted to Community
  • Custom field proposedmilestone adjusted to ''
  • Custom field proposedpriority adjusted to ''
  • Custom field reviewer adjusted to ''
  • Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1447145
  • Custom field type adjusted to defect
  • Custom field version adjusted to ''
  • Issue close_status updated to: fixed
  • Issue priority set to: critical
  • Issue status updated to: Closed (was: Open)

@pki-bot pki-bot closed this as completed Oct 3, 2020

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-05-04 12:38:16

Metadata Update from @mharmsen:

  • Issue set to the milestone: 10.4.4 (was: 10.4)

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-05-05 20:32:04

Metadata Update from @mharmsen:

  • Issue assigned to cfu

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-05-09 23:39:14

Metadata Update from @mharmsen:

  • Custom field fixedinversion adjusted to pki-core-10.4.1-4.el7

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-08-03 11:56:31

Metadata Update from @mharmsen:

  • Issue set to the milestone: 10.4.9 (was: 10.4.4)

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-12 14:34:55

Need to reopen this bug.

While the cmc.popLinkWitnessRequired param in CS.cfg is working as expected,
when it is true, it is impossible to do encryptedPOP because there is no POP to
start with and the request would therefore be rejected. Changing this value and
restarting the server is not a reasonable option for most deployment sites.

We should add a caveat to the cmc.popLinkWitnessRequired logic so that
encryptedPOP is allowed.

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-12 14:34:55

Metadata Update from @cfu:

  • Issue status updated to: Open (was: Closed)

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2018-01-16 12:41:31

Metadata Update from @mharmsen:

  • Issue priority set to: blocker (was: critical)

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-16 22:03:48

patch for review: https://review.gerrithub.io/#/c/395013/

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-17 17:45:49

commit c52c51c (HEAD -> master, origin/master, origin/HEAD)
Author: Christina Fu <cfu@redhat.com>
Date: Tue Jan 16 18:15:21 2018 -0800

Ticket 2675 additional fix to allow requests without POP

This patch adds support for requests without POP to be served even when cmc.popLinkWitnessRequired is true. Requests without POP will be handled with EncryptedPOP/DecryptedPOP two-trip mechanism.

Fixes: https://pagure.io/dogtagpki/issue/2675
Change-Id: Id4aab1a85dcaeaa65e625873e617af86b44a271b

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-17 17:45:49

Metadata Update from @cfu:

  • Issue close_status updated to: fixed

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-19 17:36:12

The previous fix did not take PKCS10 into account. Need to address that.

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-19 17:36:13

Metadata Update from @cfu:

  • Issue status updated to: Open (was: Closed)

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-19 18:17:19

https://review.gerrithub.io/#/c/395574/

commit 91c6c78 (HEAD -> master, origin/master, origin/HEAD, pop)
Author: Christina Fu <cfu@redhat.com>
Date: Fri Jan 19 14:45:17 2018 -0800

Ticket 2675 take care of PKCS10 for cmc.popLinkWitnessRequired

This patch adds support to handle PKCS10 which was neglected in previous
"additional" fix.

Fixes: https://pagure.io/dogtagpki/issue/2675
Change-Id: Ifc824d64c83f979ffd610658a6e7114598ce8055

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2018-01-19 18:17:19

Metadata Update from @cfu:

  • Issue close_status updated to: fixed
  • Issue status updated to: Closed (was: Open)
