-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch X509CertGuard to db storage and urlencode
The X509CertGuard was requiring the user to perform newline stripping from certificates, but this operation invalidates some certificates. Therefore it is not possible to continue with this method. This PR switches the expectation of certificate delivery to be urlencoded and no longer with newlines striped. This PR also stores the `X509CertGuard.ca_certificate` in the database instead of on the filesystem. This PR fully regenerates the migrations, which is a breaking change. It comes with a .removal release note advising users as such. https://pulp.plan.io/issues/6352 closes #6352
- Loading branch information
Showing
11 changed files
with
361 additions
and
606 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
``X509CertGuard.ca_certificate`` is now stored in the database and not on the filesystem. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
Migrations had to be regenerated from scratch due to a backwards incompatible change where | ||
``X509ContentGuard.ca_certificate`` is now stored in the database and not on the filesystem. Users | ||
who have already run migrations will need to drop the ``RHSMCertGuard`` and ``X509CertGuard`` tables | ||
manually from their databases, reapply migrations, and re-create their CertGuard objects. | ||
|
||
Also the submission of the client cert to the content app occurs via the `X-CLIENT-CERT` header, and | ||
is expected to be urlencoded. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.