diff options
| author | Tim Bielawa <tbielawa@redhat.com> | 2017-06-23 11:20:06 -0400 |
|---|---|---|
| committer | Tim Bielawa <tbielawa@redhat.com> | 2017-06-23 11:20:06 -0400 |
| commit | b45b2ff5412b29ae995027cdd1982a1dec0066d7 (patch) | |
| tree | 9d15736ebcb07287b4c2b5e64112bcef688be8b3 /roles/openshift_certificate_expiry/test | |
| parent | 272288b9d7a771f72af1e6b9c3fbb68a1030b6a3 (diff) | |
| download | openshift-b45b2ff5412b29ae995027cdd1982a1dec0066d7.tar.gz openshift-b45b2ff5412b29ae995027cdd1982a1dec0066d7.tar.bz2 openshift-b45b2ff5412b29ae995027cdd1982a1dec0066d7.tar.xz openshift-b45b2ff5412b29ae995027cdd1982a1dec0066d7.zip | |
Fix parsing certs with very large serial numbers
Certificates with large serial numbers (such as those from commercial
vendors) previously failed to parse due to absent logic in the
FakeOpenSSLCertificate parser. This would cause the module to abort
and break any other roles depending on the cert expiry checking
results.
* Identifies large serials in HEX format for decimal conversion
* Update unit tests to parse a large serial
Diffstat (limited to 'roles/openshift_certificate_expiry/test')
| -rw-r--r-- | roles/openshift_certificate_expiry/test/conftest.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/roles/openshift_certificate_expiry/test/conftest.py b/roles/openshift_certificate_expiry/test/conftest.py index 4ca35ecbc..df948fff0 100644 --- a/roles/openshift_certificate_expiry/test/conftest.py +++ b/roles/openshift_certificate_expiry/test/conftest.py @@ -23,7 +23,10 @@ VALID_CERTIFICATE_PARAMS = [ { 'short_name': 'combined', 'cn': 'combined.example.com', - 'serial': 6, + # Verify that HUGE serials parse correctly. + # Frobs PARSING_HEX_SERIAL in _parse_cert + # See https://bugzilla.redhat.com/show_bug.cgi?id=1464240 + 'serial': 14449739080294792594019643629255165375, 'uses': b'clientAuth, serverAuth', 'dns': ['etcd'], 'ip': ['10.0.0.2', '192.168.0.2'] |