- Bug
- Resolution: Unresolved
- Normal
- None
- 4.19
- Low
- None
- NE Sprint 265, NI&D Sprint 266
- 2
- Rejected
- False
- N/A
- Release Note Not Required
- In Progress
This is a clone of issue OCPBUGS-47761. The following is the description of the original issue:
—
Description of problem:
The default of the default cert in the router, default_pub_keys.pem, uses SHA1 and fails to load if any of the DEFAULT_CERTIFICATE, DEFAULT_CERTIFICATE_PATH, or DEFAULT_CERTIFICATE_DIR are NOT specified on the router deployment. This isn't an active problem for our supported router scenarios because default_pub_keys.pem is never used since DEFAULT_CERTIFICATE_DIR is always specified. But it does impact E2E testing such as when we create router deployments with no default cert, which attempts to load default_pub_keys.pem, which HAProxy fails on now because it's SHA1. So, both a completeness fix, and a fix to help make E2E tests simpler in origin.
Version-Release number of selected component (if applicable):
4.16+
How reproducible:
100%
Steps to Reproduce:
1. openssl x509 -in ./images/router/haproxy/conf/default_pub_keys.pem -noout -text
Actual results:
... Signature Algorithm: sha1WithRSAEncryption ...
Expected results:
... Signature Algorithm: sha256WithRSAEncryption ...
Additional info:
- clones: OCPBUGS-47761 Router default of the default cert (default_pub_keys.pem) uses SHA1 (Verified)
- is blocked by: OCPBUGS-47761 Router default of the default cert (default_pub_keys.pem) uses SHA1 (Verified)
- links to: RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update
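
An added example, not part of the original issue or the router's code: a stdlib-only Python check that reads the outer signatureAlgorithm OID of a PEM certificate and flags a SHA-1 RSA signature, the condition reported above for default_pub_keys.pem, without needing the openssl binary. The sample inputs are constructed DER stubs shaped like a certificate (not valid certificates), and every function name here is hypothetical.

```python
import base64, re

# Dotted OID -> name as printed by `openssl x509 -noout -text`.
SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    # First byte packs arcs one and two (valid while the first arc is 0 or 1).
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def cert_signature_algorithm(pem_text):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, cert, _ = read_tlv(der, 0)    # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)    # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)  # outer signatureAlgorithm
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    dotted = decode_oid(oid)
    return SIG_OIDS.get(dotted, dotted)  # unknown OIDs come back dotted

def is_sha1_signed(pem_text):
    return cert_signature_algorithm(pem_text) == "sha1WithRSAEncryption"

def constructed_sample(oid_hex):
    """Constructed DER stub shaped like a certificate; not a valid cert."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    der = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + alg) + alg + tlv(0x03, b"\x00" * 9))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"

SHA1_SAMPLE = constructed_sample("2a864886f70d010105")    # constructed input
SHA256_SAMPLE = constructed_sample("2a864886f70d01010b")  # constructed input
```

Passing the text of a real PEM file to `is_sha1_signed` works the same way, since `read_tlv` handles the long-form lengths that full-size certificates use.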