Leaf certificates are renewed based on invalid CA certificates
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Medium | Reinildes Oliveira | |
Bug Description
Brief Description
-------
Leaf certificates are renewed based on invalid CA certificates
Error scenario:
subcloud rehome with expired certificates
Error condition:
If we leave the system with expired certificates for more than 1 day, /usr/bin/
How to verify the error condition?
What are the side effects?
Severity
-------
<Critical: System/Feature is not usable after the defect>
Steps to Reproduce
Deploy systemcontroller A and subclouds with HW clock set to current date
Deploy systemcontroller B with clock set to 11 years ahead
Update subclouds HW clock to 11 years ahead
It will cause the subclouds' certificates to be expired
Leave the system in this state for at least one day
Rehome subclouds to systemcontroller B
Expected Behavior
-------
The subclouds should be rehomed successfully and all certificates should be in valid state
Actual Behavior
-------
The subcloud is rehomed successfully, however leaf certificates are not in valid state
Reproducibility
-------
100% reproducible
System Configuration
-------
DC
Load info (eg: 2022-03-
// code placeholder
Last Pass
-------
new test scenario.
Alarms
-------
no alarms
Test Activity
-------
Regression Testing
Workaround
-------
not available
Changed in starlingx:
assignee: nobody → Reinildes Oliveira (rjosemat)
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.10.0 stx.security
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/config/+/914684
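The failure mode in this report, as an added example (not StarlingX code and not the fix under review): a renewal that only looks at the leaf produces a certificate with fresh dates that still fails chain validation when its issuing CA has expired, and a gate on the issuer chain prevents that. The `Cert` model, the function names, and the 10-year CA and 90-day leaf lifetimes are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:                      # simplified model: dates and issuer only, no signatures
    subject: str
    issuer: str                  # subject name of the signing certificate
    not_before: datetime
    not_after: datetime

    def in_validity(self, now):
        return self.not_before <= now <= self.not_after

def chain_problems(cert, store, now):
    """Walk cert -> root and report every link that is unusable at `now`."""
    problems, seen = [], set()
    while cert.subject not in seen:
        seen.add(cert.subject)
        if not cert.in_validity(now):
            problems.append(f"{cert.subject}: not valid at {now:%Y-%m-%d} "
                            f"(notAfter {cert.not_after:%Y-%m-%d})")
        if cert.issuer == cert.subject:          # self-signed root reached
            return problems
        if cert.issuer not in store:
            return problems + [f"{cert.subject}: issuer {cert.issuer} not in store"]
        cert = store[cert.issuer]
    return problems + [f"issuer loop at {cert.subject}"]

def renew_unchecked(leaf, now, lifetime=timedelta(days=90)):
    """Renewal that looks only at the leaf: fresh dates, issuer never examined."""
    return Cert(leaf.subject, leaf.issuer, now, now + lifetime)

def renew_checked(leaf, store, now, lifetime=timedelta(days=90)):
    """Renewal gated on the whole issuer chain being valid at `now`."""
    candidate = renew_unchecked(leaf, now, lifetime)
    problems = chain_problems(candidate, store, now)
    if problems:
        raise ValueError("refusing to renew: " + "; ".join(problems))
    return candidate

# Constructed sample data. The 10-year CA and 90-day leaf lifetimes are assumptions.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
ROOT = Cert("root-ca", "root-ca", T0, T0 + timedelta(days=3650))
LEAF = Cert("subcloud-leaf", "root-ca", T0, T0 + timedelta(days=90))
STORE = {ROOT.subject: ROOT}
CLOCK_AHEAD = T0 + timedelta(days=11 * 365)      # clock set 11 years ahead, as in the report

if __name__ == "__main__":
    renewed = renew_unchecked(LEAF, CLOCK_AHEAD)
    print("leaf dates ok:", renewed.in_validity(CLOCK_AHEAD))
    print("chain problems:", chain_problems(renewed, STORE, CLOCK_AHEAD))
```

On a real system the same question is answered by validating the renewed leaf against the CA bundle at the current clock, rather than by inspecting the leaf's own dates.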