concatenation of certificates for haproxy incorrect

Bug #1493421 reported by Jean-Philippe Evrard on 2015-09-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
High
Jean-Philippe Evrard
Kilo
High
Jean-Philippe Evrard
Trunk
High
Jean-Philippe Evrard

Bug Description

If you provide a CA in addition to your certificate file (with a certificate that is not complete), then the concatenation is wrongly done for haproxy.pem.

Changed in openstack-ansible:
assignee: nobody → Jean-Philippe Evrard (jean-philippe-evrard)

Fix proposed to branch: master
Review: https://review.openstack.org/221361

Changed in openstack-ansible:
status: New → In Progress

Reviewed: https://review.openstack.org/221361
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=aba131d77619e8b00ac4b9f4a93cbe86dc570037
Submitter: Jenkins
Branch: master

commit aba131d77619e8b00ac4b9f4a93cbe86dc570037
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 17:24:15 2015 +0200

    Changed certificate order for pem generation with CA files

    pem generation should always start from closer certificate
    to the top of the chain. This commit fixes that.

    Change-Id: I315bf4f818cc8eb606823a48843f1931e1779223
    Closes-Bug: #1493421

Changed in openstack-ansible:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/221682
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=0036b352852d600d796ae7c2ea25c42590646d5e
Submitter: Jenkins
Branch: kilo

commit 0036b352852d600d796ae7c2ea25c42590646d5e
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 17:24:15 2015 +0200

    Changed certificate order for pem generation with CA files

    pem generation should always start from closer certificate
    to the top of the chain. This commit fixes that.

    Change-Id: I315bf4f818cc8eb606823a48843f1931e1779223
    Closes-Bug: #1493421
    (cherry picked from commit aba131d77619e8b00ac4b9f4a93cbe86dc570037)

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers