Univention Bugzilla – Full Text Bug Listing |
Summary: | Unterstützung für Certificate Signing Requests | ||
---|---|---|---|
Product: | UCS | Reporter: | Jan Christoph Ebersbach <ebersbach> |
Component: | SSL | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | enhancement | ||
Priority: | P5 | CC: | best, gohmann, grandjean, gulden, petersen, stephan.hendl |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 54679 |
Description
Jan Christoph Ebersbach
2011-04-04 11:01:57 CEST
Der Bug besteht auch mit UCS 3.0 noch. Der Bug besteht auch mit UCS 3.1 noch. *** Bug 28487 has been marked as a duplicate of this bug. *** Added univention-certificate sign to sign a csr. svn diff -r r74971:r76250 univention-ssl.yaml * sign requires the -reguest (csr file) parameter * CN is extracted from the csr file * gencert is re-used to sign the request (added switch in gencert to either create a request or to use a given request file, alternatively we could add a new signreq function to make-certificates.sh?) Added test tests/test_sign_req and enabled test during built. Merged to 4.2-0. OK: ucs-4.2-0@76256 OK: ucs-4.1-4@76243 YAML OK: ucs-4.1-4@76244 univention-ssl/ OK: ucs-4.1-4@76246 univention-ssl/debian/ OK: ucs-4.1-4@76247 univention-ssl/debian/ OK: ucs-4.1-4@76248 YAML OK: ucs-4.1-4@76250 univention-ssl/tests/ OK: ucs-4.1-4@76251 YAML OK: errata-announce -V --only univention-ssl.yaml FIXED: univention-ssl.yaml "it's called 'certificate signing request', as it is the request to sign a _certificate_, not the _request_ itself." OK: openssl genrsa -rand /dev/urandom -out key.pem 2048 eval "$(ucr shell '^ssl/[^/]+$')" SUB="/C=$ssl_country/ST=$ssl_state/L=$ssl_locality/O=$ssl_organization/OU=$ssl_organizationalunit/CN=test22085" openssl req -new -key key.pem -subj "$SUB" -out req.pem univention-certificate sign -request "$PWD/req.pem" cmp req.pem /etc/univention/ssl/test22085/req.pem openssl x509 -noout -subject -in /etc/univention/ssl/test22085/cert.pem | grep -F "$SUB" FIXED: Please not that you must specify an absolute path, as "univention-ssl" does a "cd $SSLBASE" very early, so relative paths do not work. FIXED: quoting inside getcn() is wrong is the file name contains a blank r76549 | Bug #22085 SSL: Fix sign command Package: univention-ssl Version: 11.0.0-3A~4.2.0.201702081544 Branch: ucs_4.2-0 r76550 | Bug #22085 SSL: Fix sign command Package: univention-ssl Version: 10.0.0-23.180.201702081547 Branch: ucs_4.1-0 Scope: errata4.1-4 r76551 | Bug #22085 SSL: Fix sign command YAML |