Backport 1.8.x: Fix pkcs7 parsing in some cases (#12519) #13851

Merged
merged 3 commits into from Feb 11, 2022

jasonodonnell
Contributor

  • Fix pkcs7 parsing in some cases

brings in mozilla-services/pkcs7#61 from upstream

In some cases but not all, aws includes a certificate in the pkcs7 response,
and currently vault fails to parse those certificates:

```
URL: PUT https://vault.example.com/v1/auth/aws/login
Code: 500. Errors
* failed to parse the BER encoded PKCS#7 signature: ber2der: Invalid BER format
```

This fixes logins on those instances. Note we could not readily ascertain why
some instances have those certificates and others don't.

  • Add changelog entry

  • Correct missed line

@jasonodonnell jasonodonnell requested a review from a team January 31, 2022 21:30
@calvn calvn added this to the 1.8.9 milestone Jan 31, 2022
Member

calvn commented Jan 31, 2022

Should we also make a backport for release/1.9.x?

Contributor

kalafut commented Feb 1, 2022

@calvn This landed in main back in Sept, so it’s already in the 1.9 releases.

@harsimranmaan
Contributor

This also seems to be an issue on 1.7.9
