Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-45290

[OCP4.16] Routes with SHA1 CA certificate break HAProxy reloading

XMLWordPrintable

    • Moderate
    • None
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          Routes with SHA1 CA certificates (spec.tls.caCertificate) break HAProxy preventing reload

      Version-Release number of selected component (if applicable):

          4.16

      How reproducible:

          Always

      Steps to Reproduce:

          1. create Route with SHA1 CA certificates
    2.
    3.

      Actual results:

          HAProxy router fails to reload

      Expected results:

          HAProxy router should either reject Routes with SHA1 CA certificates, or reload successfully

      Additional info:

          [ALERT]    (312) : config : parsing [/var/lib/haproxy/conf/haproxy.config:131] : 'bind unix@/var/lib/haproxy/run/haproxy-sni.sock' in section 'frontend' : 'crt-list' : error processing line 1 in file '/var/lib/haproxy/conf/cert_config.map' : unable to load chain certificate into SSL Context '/var/lib/haproxy/router/certs/test:test.pem': ca md too weak.

[ALERT]    (312) : config : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config

[ALERT]    (312) : config : Fatal errors found in configuration.

      This is a continuation/variance of https://issues.redhat.com/browse/OCPBUGS-26498

              gspence@redhat.com Grant Spence
              rhn-support-bshirren Brendan Shirren
              Shudi Li Shudi Li
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: