commit 53e32d07237bbe181edd34f59e20c0c7e6b61953
Author: Rei Oliveira <email address hidden>
Date: Fri Oct 1 14:41:57 2021 -0300

Keep files that don't have private key information

For security reasons, system certificate-install deletes the
file passed as parameter after a successful installation.
It shows a warning describing what it is doing:
'WARNING: For security reasons, the original certificate,
containing the private key, will be removed,
once the private key is processed.'

The actual behaviour, however, is different than that. It is
deleting the file regardless of whether it contains the
private key information or not.

That is incorrect. If the file does not contain any private
key, such as ssl_ca or openstack_ca, it should not delete
the file.

This change fixes that: If the file has a private key, it deletes
it, otherwise it is kept.

Test cases:
PASSED: Verify that a software patch of this change works
fine with sw-patch cli
PASSED: Verify that files that contain a private key get
deleted after a successful installation, by installing a ssl
rest api certificate (-m ssl)
PASSED: Verify that files that contain a private key will be kept
if the installation fails, by testing with a bad file
PASSED: Verify that files that do not contain a private key
are kept after a successful installation, by installing a new
Trusted CA certificate (-m ssl_ca)

Closes-Bug: 1945818
Change-Id: Ie07548d3bb84dda4a1d9e2a365a28febc941663e
Signed-off-by: Rei Oliveira <email address hidden>

Reviewed: https://review.opendev.org/c/starlingx/config/+/812185
Committed: https://opendev.org/starlingx/config/commit/53e32d07237bbe181edd34f59e20c0c7e6b61953
Submitter: "Zuul (22348)"
Branch: master
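
The rule described in the commit message above (remove the uploaded file only when it holds a private key and the installation succeeded), as an added Python example that is not StarlingX code. The function names `has_private_key` and `install_and_cleanup`, the `install` callback and the PEM samples are hypothetical and constructed for illustration.

```python
import os
import re

# Matches PEM private key headers: PKCS#8 ("PRIVATE KEY", "ENCRYPTED PRIVATE
# KEY") and legacy forms such as "RSA PRIVATE KEY" or "EC PRIVATE KEY".
PRIVATE_KEY_HEADER = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )?PRIVATE KEY-----")

# Constructed samples: the bodies are placeholders, not real key material.
CONSTRUCTED_CA_PEM = (
    b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)
CONSTRUCTED_SERVER_PEM = (
    b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    + CONSTRUCTED_CA_PEM
)


def has_private_key(pem_bytes):
    """Return True if the PEM data contains any private key block."""
    return PRIVATE_KEY_HEADER.search(pem_bytes) is not None


def install_and_cleanup(path, install):
    """Run install(pem_bytes), then decide whether the source file is removed.

    Hypothetical wrapper, not the project's API. Returns (installed, deleted).
    """
    with open(path, "rb") as fh:
        pem_bytes = fh.read()
    try:
        install(pem_bytes)
    except ValueError:
        # Failed installation: the file is kept, with or without a key.
        return False, False
    if has_private_key(pem_bytes):
        # Successful installation of a file with a key: remove the original.
        os.remove(path)
        return True, True
    # CA-only file (for example ssl_ca): nothing secret in it, so keep it.
    return True, False
```
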