Bug
Resolution: Done
Major
quay-v3.5.0, quay-v3.6.0
Description:
This issue was found when configuring Quay to use LDAPS for authentication. After uploading the LDAPS SSL cert via the Quay config editor, if the provided CA cert's expiry time is before the current time, validation still passes; after a reconfigure of Quay is triggered, the new Quay app pod fails to start.
The expected behavior is that the Quay config editor gives a correct error message and blocks users from using this invalid SSL CA cert.
Note: This issue is not FIPS-specific.
Quay Version:
oc get pod quay-operator.v3.5.0-84fd6cb6d-kks9v -o json | jq '.spec.containers[0].image'
"registry.redhat.io/quay/quay-operator-rhel8@sha256:462859633951f0019092dc065e19d2d538cdfc682dde524e9c67c0ac4d90e875"
oc get pod quayregistry-quay-config-editor-5bcf6b5766-gb696 -o json | jq '.spec.containers[0].image'
"registry.redhat.io/quay/quay-rhel8@sha256:559a247a810d290911ec09062ff2ae583d73d50625b6bb12d59e5e60a442ac6d"
The target LDAPS CA Cert is expired:
Quay config editor validation passes with the expired LDAPS CA cert:
The new Quay app pod failed to start and reported an SSL cert expired error:
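The validation the report asks for, sketched as an added example (this is not code from Quay or its config editor): a pre-save check that rejects an uploaded CA bundle when any certificate in it is expired or not yet valid, or when the upload contains no certificate at all. `CheckCABundle` and `sampleCA` are hypothetical names, and the sample certificates are constructed in-process rather than taken from the report.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckCABundle (hypothetical name, not Quay code) fails unless every PEM block
// is a parsable certificate valid at now; input with no PEM block also fails.
func CheckCABundle(pemData []byte, now time.Time) error {
	found := 0
	for block, rest := pem.Decode(pemData); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		switch {
		case err != nil:
			return fmt.Errorf("PEM block %q: %w", block.Type, err)
		case now.After(cert.NotAfter):
			return fmt.Errorf("%s expired on %s", cert.Subject, cert.NotAfter.Format(time.RFC3339))
		case now.Before(cert.NotBefore):
			return fmt.Errorf("%s is not valid until %s", cert.Subject, cert.NotBefore.Format(time.RFC3339))
		}
		found++
	}
	if found == 0 {
		return fmt.Errorf("no PEM certificate found in input")
	}
	return nil
}

// sampleCA builds a constructed (sample) self-signed cert valid for the year ending at notAfter.
func sampleCA(cn string, notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(CheckCABundle(sampleCA("expired-ca", time.Now().AddDate(0, 0, -1)), time.Now()))
}
```

Running the same check at upload time and again at pod start keeps the two code paths from disagreeing about whether a certificate is usable.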