2019.2/py3/x509 some comparison py3 types issues #52026
Comments
garethgreenaway
added
Bug
|
@arsiesys Thanks for the report. Can you confirm that your proposed fix works consistently in both Py2 and Py3? |
|
Maybe I made a wrong install or mistake somewhere... Will try to do further test an other day :/ Regarding the debug logs, it seems that the publish command reach the master but my ca "minion server" do not seems to react in debug logs (receive nothing ?) |
|
I made quick test on Salt: 2019.2.0
Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: Not Installed
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: 0.31.0
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.5.6
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pycryptodome: 3.7.3
pygit2: Not Installed
Python: 2.7.5 (default, Oct 30 2018, 23:45:53)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 15.3.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.4
System Versions:
dist: centos 7.6.1810 Core
locale: UTF-8
machine: x86_64
release: 3.10.0-957.5.1.el7.x86_64
system: Linux
version: CentOS Linux 7.6.1810 Core |
|
I found a similar bug in |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue. |
waynew
added
the
Confirmed
|
Thank you for updating this issue. It is no longer marked as stale. |
|
I'm looking into this at the moment and I was thinking perhaps the issue could have been in m2crypto, since we were getting different subject hashes on Python2 and Python 3, causing Line 801 in 9536d32 But I've verified that both m2crypto on py2 and py3 return the same subject hash, so when we're generating our |
|
Please state otherwise, but I believe this is no longer an issue, at least on v3001rc1 onward. |
|
@s0undt3ch can you verify this is corrected with a sha or PR link? |
|
The types comparison is no longer an issue under Py3, just because it's py3, so this one is fixed. |
sagetherage
added
Magnesium
|
Got it so it may only be partially fixed, so I updated the labels and let's test this again once that is re-written. The reference ticket is for Magnesium release. |
sagetherage
removed
fixed-pls-verify
|
Ok, the module still needs to be re-written, and the label is confusing since what is in place is more of a work-around, so I am updating this and will get it into planning soon. |
|
This can also have a PR written against it for the module re-write |
|
Last comparison issue must be fixed with #58296 So, after all "recent" changes:
I suppose |
|
The two problems at the top of this issue are now fixed. |
Description of Issue/Question
ISSUE 1While running a state x509.certificate_managed on the current x509 of the branches 2019.2 (not the one from the .deb which already fail before that). I got the following error:
The state is including a "managed_private_key" on the same file which is the use case at the origin of the previous error cause it will try to concatenate both certificates in a same file.
I was able to fix it by adding a .decode() on the following line:
32ed6d4#diff-5499a295a50d60a761c34f4080e4014bR459
The certificate was then generated now.. but it's regenerated and replaced at each execution due to an other issue.
ISSUE 2To decide if x509 is going to replace the local certificate or not, it will compare some elements of the certificate including the Issuer public key.. The local one, when read with the module will return a bytes type while the new generated one will be in str... Then the comparison fail and the certificate replaced...
I proposed the following fix:
32ed6d4#diff-4dc56ad912db8d1856c286cd18fc6cdeR729
Versions Report
The text was updated successfully, but these errors were encountered: