Block the addition of ssl_ca certificates with the same subject name
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Karla Felix |
Bug Description
Brief Description
-----------------
The sysinv software currently allows the addition of multiple ssl_ca certificates with the same subject name. This results in later failure if one of these certificates is no longer valid.
This is recommended to block the addition of ssl_ca certificates with the same subject name to prevent this issue in the first place.
Severity
--------
<Minor: System/Feature is usable with minor issue>
Steps to Reproduce
------------------
- system certificate-install -m ssl_ca <ca certificate>
- system certificate-install -m ssl_ca <duplicate ca certificate>
Expected Behavior
------------------
The second cmd returns an error indicating that the certificate has the same subject name
Actual Behavior
----------------
The second cmd goes through
Reproducibility
---------------
Reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
any recent load, but this is a day 1 code oversight
Last Pass
---------
Never
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
Regression Testing
Workaround
----------
Avoid adding certificates with the same subject name
Changed in starlingx: | |
importance: | Undecided → Low |
status: | New → Triaged |
assignee: | nobody → Karla Felix (kkarolin) |
tags: | added: stx.config stx.security |
Changed in starlingx: | |
status: | Triaged → In Progress |
tags: | added: stx.8.0 |
Fix proposed to branch: master /review. opendev. org/c/starlingx /ansible- playbooks/ +/851894
Review: https:/