New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression in external CA installation when custom CSR extension specified #2945
Comments
Comment from ftweedal (@frasertweedale) at 2017-09-29 01:30:57 Gerrit review: https://review.gerrithub.io/#/c/380746/ |
Comment from ftweedal (@frasertweedale) at 2017-09-29 01:30:58 Metadata Update from @frasertweedale:
|
Comment from ftweedal (@frasertweedale) at 2017-09-29 01:31:04 Metadata Update from @frasertweedale:
|
Comment from edewata (@edewata) at 2017-09-29 19:30:34 Metadata Update from @edewata:
|
Comment from ftweedal (@frasertweedale) at 2017-10-02 21:38:57 Fixed in master (7531bd6) |
Comment from ftweedal (@frasertweedale) at 2017-10-02 21:38:57 Metadata Update from @frasertweedale:
|
Comment from ftweedal (@frasertweedale) at 2017-10-02 21:39:30 Metadata Update from @frasertweedale:
|
Comment from vakwetu (@vakwetu) at 2017-10-09 09:43:21 Metadata Update from @vakwetu:
|
Comment from mharmsen (@mharmsen) at 2017-10-10 13:45:43 Metadata Update from @mharmsen:
|
Comment from mharmsen (@mharmsen) at 2017-10-26 20:49:58 Metadata Update from @mharmsen:
|
This issue was migrated from Pagure Issue #2825. Originally filed by ftweedal (@frasertweedale) on 2017-09-29 00:43:22:
A regression was introduced in CSR generation for external CA installation,
when custom CSR extension is specified (e.g. by IPA, adding MS AD-CS template extension).
Log output:
The cause seems to be the addition of the
extended_key_usage_ext
parameter togenerate_csr
without a corresponding update to the call site ingenerate_ca_signing_csr
. This call uses positional parameters and the custom extension list is passed at the position of thenew
extended_key_usage_ext
parameter.The
extended_key_usage_ext
parameter was added in commit df1e923, but note that it was not used until commit f183cca which is where the code that actually breaks installation was added.The text was updated successfully, but these errors were encountered: