Anchor

CA status should be always rejected by Anchor

Bug #1508776 reported by Stanislaw Pitucha on 2015-10-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Anchor	Fix Released	Undecided	Stanislaw Pitucha

Bug Description

There's no reason for Anchor to issue CA certificates. Currently there's a validator which checks the requested CA status, but it can also allow only CA which doesn't make much sense.

Instead of fixing the validator, Anchor should enforce that no CA certs can be issued from it.

Stanislaw Pitucha (stanislaw-pitucha) on 2015-10-22

Changed in anchor:
assignee:	nobody → Stanislaw Pitucha (stanislaw-pitucha)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-22: Fix proposed to anchor (master)

Fix proposed to branch: master
Review: https://review.openstack.org/238345

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-30: Fix merged to anchor (master)

Reviewed: https://review.openstack.org/238345
Committed: https://git.openstack.org/cgit/openstack/anchor/commit/?id=c6cb4d9b3d34fb794df598b6707c1e888d675fb3
Submitter: Jenkins
Branch: master

commit c6cb4d9b3d34fb794df598b6707c1e888d675fb3
Author: Stanisław Pitucha <email address hidden>
Date: Thu Oct 22 16:36:11 2015 +1100

Remove bad ca_status validator. Always reject CA

Remove a validator which has been marked for an update for some time.
CA certificate signing should not be handled by Anchor at all.

Change-Id: Ib13a0ca3445956e35c23c559f59f37e6721c1a33
Closes-bug: 1508776

Changed in anchor:
status:	In Progress → Fix Committed

Stanislaw Pitucha (stanislaw-pitucha) on 2016-04-15

Changed in anchor:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.