Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refs #15538: Check for nssdb cert as the beginning of a line #92

Merged
merged 1 commit into from
Jul 7, 2016
Merged

Refs #15538: Check for nssdb cert as the beginning of a line #92

merged 1 commit into from
Jul 7, 2016

Conversation

ehelms
Copy link
Member

@ehelms ehelms commented Jul 6, 2016

When using something short and non-specific like 'ca' to grep the
nssdb output, other words in the nssdb can pass the test. For example,

[root@sat-r220-02 ~]# certutil -L -d /etc/pki/katello/nssdb

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

amqp-client ,,
broker u,u,u

The 'ca' in 'Certificate Nickname' passes the 'grep ca' test.

@stbenjam
Copy link
Member

stbenjam commented Jul 6, 2016
edited
Loading

How about a \b (end of word) too just to be safe?

In the very unlikely event another certificate has the same prefix (catello and ca for example would).

[root@sat-r220-06 ~]# certutil -L -d /etc/pki/katello/nssdb | grep '^ca\b'
ca                                                           CT,C,c

Edit: \b instead of \s

@ehelms
Copy link
Member Author

ehelms commented Jul 6, 2016

Updated

@stbenjam
Copy link
Member

stbenjam commented Jul 6, 2016

APJ

@iNecas
Copy link
Member

iNecas commented Jul 7, 2016

👍 failure tests unrelated

@ekohl
Copy link
Member

ekohl commented Jul 7, 2016

Tests should pass after a rebase

@ehelms
Refs #15538: Check for nssdb cert as the beginning of a line
590c932 
When using something short and non-specific like 'ca' to grep the
nssdb output, other words in the nssdb can pass the test. For example,

[root@sat-r220-02 ~]# certutil -L -d /etc/pki/katello/nssdb

Certificate Nickname                               Trust Attributes
                                                   SSL,S/MIME,JAR/XPI

amqp-client                                                  ,,
broker                                                       u,u,u

The 'ca' in 'Certificate Nickname' passes the 'grep ca' test.
@ehelms ehelms merged commit e1f168d into theforeman:master Jul 7, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ehelms @stbenjam @iNecas @ekohl