New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bugfix #47984 messed up cert serial #48080

Merged
merged 3 commits into from Jun 22, 2018

Conversation

Projects
None yet
5 participants
@lusche

lusche commented Jun 13, 2018

What does this PR do?

Fix the Problem described in #47984 in the 2017 branch

What issues does this PR fix or reference?

#47984

Tests written?

No

Commits signed with GPG?

No

Sebastian Gerlach
@cachedout

This comment has been minimized.

Contributor

cachedout commented Jun 13, 2018

I would rather we just backport #47984 instead. @rallytime what do you think?

@lusche

This comment has been minimized.

lusche commented Jun 13, 2018

I'm sure that is possible but some parts of the PR are not available in the 2017 branch.

For example: import salt.utils.stringutils

To be honest my fix is quick an not so "nice" but should do the job. But if anyone is willing to backport the original fix that's ok to.

I hope that this issue gets a fix soon. At this time we had a ugly workaround to make it work.

@rallytime rallytime requested a review from garethgreenaway Jun 13, 2018

@jeduardo

This comment has been minimized.

Contributor

jeduardo commented Jun 13, 2018

Hey all, chiming in here :)

My original fix actually targeted at 2017.7 and was even simpler than the one suggested here. Removing the offending line serial_number = str(int(serial_number, 16)) was enough to get the correct serial into the CRL. This is what is running on my 2017.7 environment though the magic of _modules/x509.py.

However as current Salt has unicode strings everywhere (which is a Good Thing(tm)) simply removing the line ended up not being enough.

@cachedout

This comment has been minimized.

Contributor

cachedout commented Jun 14, 2018

@jeduardo Thanks for the info. Are you in favor of this being merged then? I couldn't quite get your opinion from your comment.

@jeduardo

This comment has been minimized.

Contributor

jeduardo commented Jun 16, 2018

@cachedout I've meant to say that the patch is in the right direction but can be simplified by removing the buggy line altogether instead of replacing it by serial_number = str(serial_number).

The serial_number variable will already be a string at that point in the code (as its value is returned from string.replace() as a string already), thus making the str(serial_number) call redundant.

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jun 19, 2018

Ah, I missed my original ping somehow. I can backport #47986 to the 2018.3 branch, but as stated above, it won't back-port nicely to 2017.7. I'll do the 2018.3 back-port right now so it will be included in 2018.3.3.

In the mean time, @lusche - what do you think about @jeduardo's latest comment.

@lusche

This comment has been minimized.

lusche commented Jun 21, 2018

@rallytime i pushed the suggested changes. @jeduardo hint sounds plausible.

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jun 21, 2018

@lusche Great, thank you!

How does this look to you now @jeduardo?

Also @garethgreenaway - You've been involved in this code somewhat recently. Can you review this please?

@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Jun 21, 2018

In 2017.7 we should be fine just removing that line since we're not enforcing Unicode like we are in 2018.3. This looks good to me.

@jeduardo

This comment has been minimized.

Contributor

jeduardo commented Jun 22, 2018

@rallytime well, @garethgreenaway already approved it but indeed it does look just like the patch I initially did when I've faced the problem on 2017.7.

I'm also really glad this is getting in as we are not yet ready to migrate to 2018.3 at $WORKPLACE. :)

@rallytime rallytime merged commit 83d7d28 into saltstack:2017.7 Jun 22, 2018

7 of 9 checks passed

default Build finished.
Details
jenkins/PR/salt-pr-rs-cent7-n Pull Requests » Salt PR - RS CentOS 7 #19961 — FAILURE
Details
WIP ready for review
Details
jenkins/PR/salt-pr-clone Pull Requests » Salt PR - Clone #26111 — SUCCESS
Details
jenkins/PR/salt-pr-docs-n Pull Requests » Salt PR - Docs #18164 — SUCCESS
Details
jenkins/PR/salt-pr-linode-cent7-py3 Pull Requests » Salt PR - Linode CentOS 7 - PY3 #5908 — SUCCESS
Details
jenkins/PR/salt-pr-linode-ubuntu14-n Pull Requests » Salt PR - Linode Ubuntu14.04 #23837 — SUCCESS
Details
jenkins/PR/salt-pr-linode-ubuntu16-py3 Pull Requests » Salt PR - Linode Ubuntu16.04 - PY3 #10879 — SUCCESS
Details
jenkins/PR/salt-pr-lint-n Pull Requests » Salt PR - Code Lint #22799 — SUCCESS
Details

@lusche lusche deleted the lusche:2017.7 branch Jul 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment