Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cert-request: accept CSRs with extraneous data #230

Closed
wants to merge 1 commit into from
Closed

cert-request: accept CSRs with extraneous data #230

wants to merge 1 commit into from

Conversation

frasertweedale
Copy link
Contributor

@frasertweedale frasertweedale commented Nov 10, 2016
edited by martbab

The cert-request command used to accept CSRs that had extra data
surrounding the PEM data, e.g. commentary about the contents of the
CSR. Recent commits that switch to using python-cryptography for
cert and CSR handling broke this. Our acceptance tests use such
CSRs, hence the tests are now failing.

To avoid the issue, freshly encode the python-cryptography
CertificateSigningRequest object as PEM. This avoids re-using the
user-supplied data, in case it has extraneous data.

Fixes: https://fedorahosted.org/freeipa/ticket/6472

@frasertweedale
cert-request: accept CSRs with extraneous data
8f11647 
The cert-request command used to accept CSRs that had extra data
surrounding the PEM data, e.g. commentary about the contents of the
CSR.  Recent commits that switch to using python-cryptography for
cert and CSR handling broke this.  Our acceptance tests use such
CSRs, hence the tests are now failing.

To avoid the issue, freshly encode the python-cryptography
CertificateSigningRequest object as PEM.  This avoids re-using the
user-supplied data, in case it has extraneous data.

Fixes: https://fedorahosted.org/freeipa/ticket/6472
@martbab martbab self-assigned this Nov 11, 2016
@martbab martbab added ack Pull Request approved, can be merged pushed Pull Request has already been pushed labels Nov 11, 2016
@martbab
Copy link
Contributor

martbab commented Nov 11, 2016

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/e1df2e0792a6a423563c4787215b284948f51582

@martbab martbab closed this Nov 11, 2016
@frasertweedale frasertweedale deleted the fix/6472-cert-request-pem-extraneous-data branch November 14, 2016 01:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@martbab martbab

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@frasertweedale @martbab