Anchor

http 500 error if CSR presented with no CN

Bug #1465349 reported by Dave Walker
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Anchor
Fix Released
Undecided
Dave Walker

Bug Description

It is possible to create a CSR with the omission of a CN. This currently throws a 500 as it is an unhanded error. We can't work with a CSR like this, so we should handle this and throw a 400 Bad Request instead.

2015-06-15 16:46:45,827 ERROR [anchor.certificate_ops][32986/MainThread] Error running validator <server_group> - list index out of range
Traceback (most recent call last):
  File "/home/ubuntu/anchor/anchor/certificate_ops.py", line 113, in validate_csr
    valid = _run_validator(vname, validator, args)
  File "/home/ubuntu/anchor/anchor/certificate_ops.py", line 79, in _run_validator
    validator(**new_kwargs)
  File "/home/ubuntu/anchor/anchor/validators.py", line 177, in server_group
    cn = csr_get_cn(csr)
  File "/home/ubuntu/anchor/anchor/validators.py", line 30, in csr_get_cn
    return data[0].get_value()
IndexError: list index out of range
2015-06-15 16:46:45,828 INFO [wsgi][32986/MainThread] 127.0.0.1 - - [15/Jun/2015:16:46:44 +0000] "POST /sign HTTP/1.1" 500 303 "-" "curl/7.35.0"

Dave Walker (davewalker)
Changed in anchor:
assignee: nobody → Dave Walker (davewalker)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to anchor (master)

Fix proposed to branch: master
Review: https://review.openstack.org/191899

Changed in anchor:
status: New → In Progress
OpenStack Infra (hudson-openstack)
Changed in anchor:
status: In Progress → Fix Committed
Stanislaw Pitucha (stanislaw-pitucha)
Changed in anchor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.