- Bug
- Resolution: Unresolved
- Normal
- None
- 4.19
- Low
- None
- NE Sprint 264, NE Sprint 265
- 2
- Rejected
- False
- N/A
- Release Note Not Required
- In Progress
Description of problem:
The default of the default cert in the router, default_pub_keys.pem, uses SHA1 and fails to load if any of the DEFAULT_CERTIFICATE, DEFAULT_CERTIFICATE_PATH, or DEFAULT_CERTIFICATE_DIR are NOT specified on the router deployment. This isn't an active problem for our supported router scenarios because default_pub_keys.pem is never used since DEFAULT_CERTIFICATE_DIR is always specified. But it does impact E2E testing such as when we create router deployments with no default cert, which attempts to load default_pub_keys.pem, which HAProxy fails on now because it's SHA1. So, both a completeness fix, and a fix to help make E2E tests simpler in origin.
Version-Release number of selected component (if applicable):
4.16+
How reproducible:
100%
Steps to Reproduce:
1. openssl x509 -in ./images/router/haproxy/conf/default_pub_keys.pem -noout -text
Actual results:
... Signature Algorithm: sha1WithRSAEncryption ...
Expected results:
... Signature Algorithm: sha256WithRSAEncryption ...
Additional info:
- relates to: OCPBUGS-45290 Routes with SHA1 CA certificate break HAProxy reloading
- POST
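
Added example (not part of the original report and not the router's own code): a POSIX shell helper that extends the reproduction step above to every certificate in a PEM file, so a bundle that also contains a private key or several certificates can be checked for SHA-1 signatures. The function names are assumptions made for illustration, and the `openssl` CLI must be installed.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.
# Prints the signature algorithm of every certificate in a PEM file,
# skipping private keys and other non-certificate blocks.
sig_algs() {
    inside=0
    cert=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "-----BEGIN CERTIFICATE-----"*) inside=1; cert="" ;;
        esac
        if [ "$inside" -eq 1 ]; then
            cert="$cert$line
"
        fi
        case $line in
            "-----END CERTIFICATE-----"*)
                if [ "$inside" -eq 1 ]; then
                    # Same command as the reproduction step, one cert at a time.
                    printf '%s' "$cert" | openssl x509 -noout -text |
                        awk '/Signature Algorithm:/ { print $3; exit }'
                fi
                inside=0 ;;
        esac
    done < "$1"
}

# Succeeds (exit 0) when any certificate in the file is SHA-1 signed.
# Only the named algorithm is checked (e.g. sha1WithRSAEncryption,
# ecdsa-with-SHA1); RSA-PSS hash parameters are not inspected.
has_sha1_sig() {
    sig_algs "$1" | grep -qi 'sha1'
}

# Reports each flagged file; returns 1 if any file was flagged.
check_files() {
    rc=0
    for f in "$@"; do
        if has_sha1_sig "$f"; then
            echo "SHA-1 signature: $f"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_sig.sh FILE...
if [ "$#" -gt 0 ]; then check_files "$@"; exit $?; fi
```

Run against `./images/router/haproxy/conf/default_pub_keys.pem`, it reports the file while the certificate is still signed with `sha1WithRSAEncryption`.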