Vault charm does not handle Microsoft line endings in SSL certificates well
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vault-charm |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
Hello,
We encountered an issue where customer-supplied certificates may contain Microsoft or DOS line endings (e.g., CRLF, `^M`).
When setting the `ssl-cert` and `ssl-chain` configuration options with the variant certificates, the certificate template for `/var/snap/
To resolve this, the Vault charm would need to account for the possibility of mixed line endings and normalize them.
This could be achieved fairly trivially in Python:
```python
certificate.
```
#### Method to reproduce
##### Set the `ssl-cert` and `ssl-chain` options
Use Microsoft line endings on `ssl-cert`:
```bash
juju config vault \
ssl-cert="$(cat cert-with-crlf.crt | base64 -w0)" \
ssl-
```
##### Inspect the rendered certificate
On the `vault` unit:
```bash
sudo view /var/snap/
```
```
-----BEGIN CERTIFICATE-----^M
CERTIFICATE WITH MICROSOFT LINE-ENDINGS [...]^M
-----END CERTIFICATE-
CHAIN STARTS HERE [...]
```
Changed in vault-charm: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
tags: | added: good-first-bug |