Issue #6221: Certificate revocation in service-del and host-del isn't aware of Sub CAs - freeipa

freeipa

#6221 Certificate revocation in service-del and host-del isn't aware of Sub CAs

Closed: Fixed None Opened 7 years ago by mkubik.

As a part of the procedure of deleting a service or host entry, any certificates issued for them are revoked.

The function that revokes the certificate (located in service plugin module) is not aware of Sub CAs and calls cert-show without cacn option. This causes a fail because the cert-show will assume the ipa CA for a certificate signed by a Sub CA.

This causes an error during certificate revocation that aborts the delete operation.

pvoborni commented 7 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1370519

jcholast commented 7 years ago

master:

daeaf2a Make host/service cert revocation aware of lightweight CAs

ipa-4-4:

d3f3869 Make host/service cert revocation aware of lightweight CAs

Metadata Update from @mkubik:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.4.2

7 years ago

Metadata

Assignee

ftweedal

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.4.2

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

wanted

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1370519

tester

mkubik

changelog

None

design

None

freeipa

Source Code

#6221 Certificate revocation in service-del and host-del isn't aware of Sub CAs Closed: Fixed None Opened 7 years ago by mkubik.

Metadata

#6221 Certificate revocation in service-del and host-del isn't aware of Sub CAs

Closed: Fixed None Opened 7 years ago by mkubik.