URL: https://github.com/SSSD/sssd/pull/5463 Author: peptekmail Title: #5463: Add rsassapss cert for future checks Action: opened
PR body: """ 3rd party smartcard providers sometimes use rsassapss for signing combined with a smaller nonstandard exponent. Unexpected characters in the commonname field create trouble. Add more unexpected settings to this cert to easily create future checks. """
To pull the PR as Git branch:
```
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5463/head:pr5463
git checkout pr5463
```
URL: https://github.com/SSSD/sssd/pull/5463 Author: peptekmail Title: #5463: Add rsassapss cert for future checks Action: closed
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
peptekmail commented: """ Closed by accident, I would like to add this cert for future checks. If it should be fine in some other way, please let me know. """
See the full comment at https://github.com/SSSD/sssd/pull/5463#issuecomment-761539443
URL: https://github.com/SSSD/sssd/pull/5463 Author: peptekmail Title: #5463: Add rsassapss cert for future checks Action: reopened
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
sumit-bose commented: """ Hi,
thanks for the patch, the tests are failing because of
```
FAIL: src/tests/whitespace_test
===============================

Trailing whitespace found:
../src/tests/test_CA/SSSD_test_cert_0007.config:23:
FAIL src/tests/whitespace_test (exit status: 1)
```
can you remove the empty lines at the end of `SSSD_test_cert_0007.config`?
There is also the comment
```
# This certificate is used in
# - src/tests/cmocka/test_cert_utils.c
# - src/tests/cmocka/test_pam_srv.c
```
but so far the new certificate is not used in those tests. Can you add tests with this certificate as well?
bye, Sumit
"""
See the full comment at https://github.com/SSSD/sssd/pull/5463#issuecomment-761573235
URL: https://github.com/SSSD/sssd/pull/5463 Author: peptekmail Title: #5463: Add rsassapss cert for future checks Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
sumit-bose commented: """ Hi,
thanks for the fixes, I added another small comment.
Iirc you originally had issues with a ssh-key generated from a certificate. Did a pss certificate cause the issue? Currently it looks like SSSD is able to generate the expected ssh-key, do you still have certificates where the ssh-key generation produces unexpected results?
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5463#issuecomment-762744434
Hello and thanks for all the help!
I still have issues with reproducing the problem with a certificate produced by openssl. Producing the whole certificate with softhsm2 and p11tool and extending the integration tests would be the next step I guess. For obvious reasons, pushing 3rd party certificates to the repo would be a bad idea.
On Tue, Jan 19, 2021 at 11:16 AM sumit-bose < sssd-github-notification@fedorahosted.org> wrote:
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
sumit-bose commented: """ Hi,
thanks for the fixes, I added another small comment.
Iirc you originally had issues with a ssh-key generated from a certificate. Did a pss certificate cause the issue? Currently it looks like SSSD is able to generate the expected ssh-key, do you still have certificates where the ssh-key generation produces unexpected results?
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5463#issuecomment-762744434
URL: https://github.com/SSSD/sssd/pull/5463 Author: peptekmail Title: #5463: Add rsassapss cert for future checks Action: synchronized
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
sumit-bose commented: """ Hi,
for some reason your reply was only on sssd-devel. Since key and certificate were generated with special OpenSSL options I'm fine with adding this PR to the existing tests. Please send a new PR if you are able to reproduce your original issue with the certificate from the 3rd party CA.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/5463#issuecomment-766931440
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5463
* `master`
    * 7f3576ea3e0b70199b0b9f66f4182ce0da9db052 - Add rsassapss cert for future checks
    * 92ed415cd3139f29446879ce114fc0c1767ad5fd - Add rsassapss cert for future checks
    * 568bb1a0ffd683882fc5ad7b7f3fca40357fed1a - Add rsassapss cert for future checks
"""
See the full comment at https://github.com/SSSD/sssd/pull/5463#issuecomment-767467135
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/5463 Title: #5463: Add rsassapss cert for future checks
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/5463 Author: peptekmail Title: #5463: Add rsassapss cert for future checks Action: closed