CA configuration failed on IPA server. (@pki/master)

dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.

https://www.dogtagpki.org

GNU General Public License v2.0

371 stars 137 forks source link

CA configuration failed on IPA server. (@pki/master) #4891

Open amore17 opened 5 days ago

amore17 commented 5 days ago

The installation of a CA fails on a server when the @pki/master copr repository is enabled.

The error can be seen in FreeIPA nightly tests, for instance in PR #https://github.com/freeipa-pr-ci2/freeipa/pull/4130 with the report and logs

flo-renaud commented 5 days ago

The issue was introduced with this commit: https://github.com/dogtagpki/pki/commit/596ea567a81170c03304ce5ec8080e4aa8d85c30

The commit is using the methods not_valid_before_utc / not_valid_after_utc but they were introduced with python-cryptography 42.0.0 (https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.not_valid_before_utc) and the test is running on Fedora 40 with python-cryptography-41.0.7-1.fc40

edewata commented 1 day ago

The issue should be fixed in https://github.com/dogtagpki/pki/commit/16a100405ca5e8d7719ccc68f98f220cbdfa0a08.

Could you try again? Thanks.