Issue #7700: ipa cert-show --chain --certificate-out fails with an internal error - freeipa

freeipa

#7700 ipa cert-show --chain --certificate-out fails with an internal error

Closed: fixed 5 years ago Opened 5 years ago by bartoc.

Issue

ipa cert-show NN --chain --certificate-out=somefile.pem fails with an internal error when the cert is a sub-ca cert

Steps to Reproduce

run ipa cert-show NN --chain --certificate-out=somefile.pem with NN=the ID of a sub ca certificate
observe bug

Actual behavior

ipa: ERROR: non-public: Error: Incorrect padding
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipalib/backend.py", line 141, in execute
    return self.Command[_name](*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 801, in run
    return self.forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/cert.py", line 181, in forward
    return super(cert_show, self).forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/cert.py", line 70, in forward
    x509.write_certificate_list(certs, certificate_out)
  File "/usr/lib/python3.6/site-packages/ipalib/x509.py", line 568, in write_certificate_list
    for cert in certs:
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/cert.py", line 69, in <genexpr>
    for cert in certs)
  File "/usr/lib64/python3.6/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)

Expected behavior

I expect a certificate chain in pem encoded format.

Version/Release/Distribution

freeipa-client-4.7.0-1.fc28.x86_64

Metadata Update from @ftweedal:
- Issue assigned to ftweedal

5 years ago

ftweedal commented 5 years ago

PR: https://github.com/freeipa/freeipa/pull/2402

Metadata Update from @ftweedal:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2402

5 years ago

Metadata Update from @cheimes:
- Issue set to the milestone: FreeIPA 4.6.5

5 years ago

cheimes commented 5 years ago

Related PR https://pagure.io/freeipa/issue/7628 landed in 4.6 and 4.7

Metadata Update from @cheimes:
- Issue set to the milestone: None (was: FreeIPA 4.6.5)

5 years ago

cheimes commented 5 years ago

master:

a2ad417 Fix writing certificate chain to file

cheimes commented 5 years ago

ipa-4-7:

5c8f39a Fix writing certificate chain to file

cheimes commented 5 years ago

ipa-4-6:

b94e1d1 Fix writing certificate chain to file

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1700990

4 years ago

frenaud commented 4 years ago

Issue linked to Bugzilla: Bug 1700990

Metadata

Assignee

ftweedal

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

https://github.com/freeipa/freeipa/pull/2402

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1700990

tester

None

changelog

None

design

None

freeipa

Source Code

#7700 ipa cert-show --chain --certificate-out fails with an internal error Closed: fixed 5 years ago Opened 5 years ago by bartoc.

Issue

Steps to Reproduce

Actual behavior

Expected behavior

Version/Release/Distribution

Metadata

#7700 ipa cert-show --chain --certificate-out fails with an internal error

Closed: fixed 5 years ago Opened 5 years ago by bartoc.