Bug 583754
| Field | Value |
|---|---|
| Summary | pki-silent needs an option to configure signing algorithm for CA certificates |
| Product | [Retired] Dogtag Certificate System |
| Component | Installation Wizard |
| Status | CLOSED EOL |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Andrew Wnuk <awnuk> |
| Assignee | Ade Lee <alee> |
| QA Contact | Ben Levenson <benl> |
| CC | dpal, jgalipea, mharmsen |
| Doc Type | Bug Fix |
| Last Closed | 2020-03-27 20:05:14 UTC |
| Bug Blocks | 541012 |

Description
Andrew Wnuk
2010-04-19 16:34:50 UTC
Created attachment 460884 [details]
patch to fix
8.1:

    [vakwetu@goofy-vm4 silent]$ svn ci -m "Bugzilla Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates"
    Sending silent/src/ca/ConfigureCA.java
    Sending silent/src/subca/ConfigureSubCA.java
    Sending silent/templates/pki_silent.template
    Sending silent/templates/subca_silent.template
    Transmitting file data ....
    Committed revision 1506.

tip:

    [vakwetu@dhcp231-121 silent]$ svn ci -m "Bugzilla Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates"
    Sending silent/src/ca/ConfigureCA.java
    Sending silent/src/subca/ConfigureSubCA.java
    Sending silent/templates/pki_silent.template
    Sending silent/templates/subca_silent.template
    Transmitting file data ....
    Committed revision 1507.

FYI - this submission will change the invocation of pkisilent for the configuration of a CA and subCA.

For both CA and subCA, new parameters are added:

    -signing_algorithm ${ca_signing_algorithm} \
    -signing_signingalgorithm ${ca_signing_signingalgorithm} \
    -ocsp_signing_signingalgorithm ${ca_ocsp_signing_signingalgorithm} \

For subCA, the following parameter has been removed:

    -key_algorithm

See the new templates for explanations of the new parameters.

Created attachment 463019 [details]
pkisilent script for successful CA configuration
I think there may be a problem with the patch. Aren't these new signing arguments meant to be optional with a default of SHA256withRSA? As currently implemented the arg parser is demanding they be provided on the command line. A quick look at the code suggests the SHA256withRSA value will be provided as a default but the arg parser aborts the process before we get that far because it believes the argument is required.

    Required parameter -signing_algorithm is not specified.

This occurs because the string "optional" does not appear in the argument description set via parser.addOption(). (ArgParser.java line 1711).

Was it intended these arguments were meant to be required?

RE comment 8: Agreed, I noticed that you attached a patch to https://bugzilla.redhat.com/show_bug.cgi?id=588323, which I reviewed and approved. I am closing this bug then, pending the application of that patch. Make sure that the changes are checked into both 8.1 and the tip.

Created attachment 471495 [details]
make signing_algorithm arg optional
Actual patch which was committed. Note, this also includes documentation of the default values in the usage message.
dogtag commit: Committed revision 1679

CS 8.1 commit: Committed revision 1680
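
The failure mode raised in the comments above, where the required-argument check aborts before the SHA256withRSA default can be applied, shown as an added Java example that is not the pkisilent or ArgParser source. The class, the parsing logic and the option description strings are a hypothetical model; only the option name, the error message and the default value are taken from the thread.

```java
import java.util.*;

// Hypothetical model of the behaviour described in the thread; not project code.
public class OptionalArgDemo {
    // Option name -> description, as registered through an addOption-style call.
    private final Map<String, String> options = new LinkedHashMap<>();

    void addOption(String name, String description) {
        options.put(name, description);
    }

    // An option is treated as required unless its description contains "optional".
    Map<String, String> parse(String[] argv) {
        Map<String, String> values = new HashMap<>();
        for (int i = 0; i + 1 < argv.length; i += 2) {
            values.put(argv[i], argv[i + 1]);
        }
        for (Map.Entry<String, String> opt : options.entrySet()) {
            boolean optional = opt.getValue().contains("optional");
            if (!optional && !values.containsKey(opt.getKey())) {
                throw new IllegalArgumentException(
                    "Required parameter " + opt.getKey() + " is not specified.");
            }
        }
        return values;
    }

    // The caller-side default is only reachable when parse() returns normally.
    static String signingAlgorithm(OptionalArgDemo p, String[] argv) {
        return p.parse(argv).getOrDefault("-signing_algorithm", "SHA256withRSA");
    }

    public static void main(String[] args) {
        String[] argv = {}; // constructed invocation that omits -signing_algorithm

        // Before: description lacks "optional", so parsing aborts first.
        OptionalArgDemo before = new OptionalArgDemo();
        before.addOption("-signing_algorithm", "CA signing algorithm");
        try {
            signingAlgorithm(before, argv);
        } catch (IllegalArgumentException e) {
            System.out.println("before: " + e.getMessage());
        }

        // After: description marks the option optional (constructed wording).
        OptionalArgDemo after = new OptionalArgDemo();
        after.addOption("-signing_algorithm",
            "CA signing algorithm (optional, default is SHA256withRSA)");
        System.out.println("after: " + signingAlgorithm(after, argv));
    }
}
```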