Open pki-bot opened 4 years ago
Comment from mharmsen (@mharmsen) at 2015-10-19 20:37:27
Per CS/DS meeting of 10/19/2015: 10.3 - major
Comment from jmagne (@jmagne) at 2015-10-20 23:29:50
OK:
Here is what is going on.
We are trying to publish a CA cert.
To do this we need the rule "LdapCACertRule".
The type of this rule in the console is defaulted to "cacert".
When the publish happens this stack trace occurs:
PublisherProcessor.publishCert(X509Certificate, IRequest) line: 1029
LdapEnrollmentListener.acceptX509(IRequest, Certificate[]) line: 230
LdapEnrollmentListener.accept(IRequest) line: 217
LdapRequestListener.accept(IRequest) line: 161
The crucial piece of code:
    public void publishCert(X509Certificate cert, IRequest req)
            throws ELdapException {
        boolean error = false;
        StringBuffer errorRule = new StringBuffer();

        CMS.debug("In PublisherProcessor::publishCert");
        if (!enabled())
            return;

        // get mapper and publisher for cert type.
        Enumeration<ILdapRule> rules = getRules("certs", req);
Note how this routine is looking for rules of type "certs", where ours is "cacert".
There is another routine called publishCACert, which is not called here. The reason for this I do not know.
The workaround is to change the type of that publish rule to "certs" and it works.
The fix is not known as of yet.
Comment from mharmsen (@mharmsen) at 2015-10-21 02:07:37
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1265678 (Red Hat Certificate System)
Comment from jmagne (@jmagne) at 2016-04-22 00:23:21
Should be simple bug fix, despite workaround, moving to 10.3.2
Comment from mharmsen (@mharmsen) at 2016-05-06 23:38:26
Per Bug Triage of 05/05/2016: 10.3.2
Comment from mharmsen (@mharmsen) at 2016-06-24 00:20:28
Per PKI Bug Council of 06/23/2016: 10.4
Comment from mrniranjan (@mrniranjan) at 2017-02-27 13:57:54
Metadata Update from @mrniranjan:
Comment from mharmsen (@mharmsen) at 2017-08-30 23:50:59
Metadata Update from @mharmsen:
Comment from mharmsen (@mharmsen) at 2018-04-10 21:42:45
Per 10.5.x/10.6 Triage: FUTURE
jmagne says that this is a corner-case
This issue was migrated from Pagure Issue #1651. Originally filed by mrniranjan (@mrniranjan) on 2015-10-13 22:29:25:
Unable to publish CA certs to ldap server.
Steps to Reproduce:
Actual results:
Additional info: