OpenStack-Ansible

concatenation of certificates for haproxy incorrect

Bug #1493421 reported by Jean-Philippe Evrard
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
High
Jean-Philippe Evrard
OpenStack-Ansible liberty-3
Kilo
Fix Released
High
Jean-Philippe Evrard
OpenStack-Ansible 11.2.2
Trunk
Fix Released
High
Jean-Philippe Evrard
OpenStack-Ansible liberty-3

Bug Description

If you provide a CA in addition to your certificate file (with a certificate that is not complete), then the concatenation is wrongly done for haproxy.pem.

Jean-Philippe Evrard (jean-philippe-evrard)
Changed in openstack-ansible:
assignee: nobody → Jean-Philippe Evrard (jean-philippe-evrard)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-ansible-deployment (master)

Fix proposed to branch: master
Review: https://review.openstack.org/221361

Changed in openstack-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-ansible-deployment (master)

Reviewed: https://review.openstack.org/221361
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=aba131d77619e8b00ac4b9f4a93cbe86dc570037
Submitter: Jenkins
Branch: master

commit aba131d77619e8b00ac4b9f4a93cbe86dc570037
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 17:24:15 2015 +0200

    Changed certificate order for pem generation with CA files

    pem generation should always start from closer certificate
    to the top of the chain. This commit fixes that.

    Change-Id: I315bf4f818cc8eb606823a48843f1931e1779223
    Closes-Bug: #1493421

Changed in openstack-ansible:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-ansible-deployment (kilo)

Fix proposed to branch: kilo
Review: https://review.openstack.org/221682

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-ansible-deployment (kilo)

Reviewed: https://review.openstack.org/221682
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=0036b352852d600d796ae7c2ea25c42590646d5e
Submitter: Jenkins
Branch: kilo

commit 0036b352852d600d796ae7c2ea25c42590646d5e
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 17:24:15 2015 +0200

    Changed certificate order for pem generation with CA files

    pem generation should always start from closer certificate
    to the top of the chain. This commit fixes that.

    Change-Id: I315bf4f818cc8eb606823a48843f1931e1779223
    Closes-Bug: #1493421
    (cherry picked from commit aba131d77619e8b00ac4b9f4a93cbe86dc570037)

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.11

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.12

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.14

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.